Avast WEBforum
Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: Hermite15 on January 03, 2011, 01:57:23 PM
-
will it support IPV6? thanks ;)
-
no, it won't.
-
Hi,
I hope you don't mind me chiming in. Here is information I got from emailing Lukas. This was a few days ago.
Hello Steve,
trully, IPv6 is now not supported. It is on my TODO list, but it needs quite a lot of work in the whole avast project, not only firewall. We would like to have avast supporting IPv6 in all parts at once. Are you already using it? I doubt that nowadays. Personaly I know just a very few addresses on the Internet that are accessible via IPv6. At home, where I am right know, it is out of question anyway – UPC, my cable provider does not support IPv6 here, but this can change very quickly in the future, I know.
Version 6 is planned early in 2011, it will not support IPv6 in the first builds, but we will probably add the support during the year.
Lukas
-
2) Don’t allow new programs – hmm, I am afraid we don’t fully implement what is written here. Sorry. At first we though that users would use the program mostly in Work/Medium Risk Zone, configure their apps there and switch to the two (Home and Airport) modes only for special cases for short periods of time. For such use, it would make sense to prevent any new program rules to be created in Airport mode (to prevent any accidents in risky environments) – however it turned out, that the airport mode is pretty usefull on its own, and it wouldn‘t be so cool to prevent creating new application rules in this mode, so actually I am afraid you have found a bug on this one – the description should be changed!
Thanks a lot! I’ll file a bug and decide what to do – either remove the description, or add such feature (probably by default off, but switchable in expert settings)
Lukas.
-
may I add something: most efforts in Avast 5 development are being concentrated on the free version components almost exclusively. It's not just about IPV6, but also the ability to abort connections individually. Okay time will tell I suppose... I know V6.0 will bring new virtualization features, but again, the firewall is being left aside.
-
2) Don’t allow new programs – hmm, I am afraid we don’t fully implement what is written here. Sorry. At first we though that users would use the program mostly in Work/Medium Risk Zone, configure their apps there and switch to the two (Home and Airport) modes only for special cases for short periods of time. For such use, it would make sense to prevent any new program rules to be created in Airport mode (to prevent any accidents in risky environments) – however it turned out, that the airport mode is pretty usefull on its own, and it wouldn‘t be so cool to prevent creating new application rules in this mode, so actually I am afraid you have found a bug on this one – the description should be changed!
Thanks a lot! I’ll file a bug and decide what to do – either remove the description, or add such feature (probably by default off, but switchable in expert settings)
Lukas.
Hmm.. So it's supposed to disallow all attempted connections made by programs not already on the list of App Rules? Sounds useful... Is this feature going to be in 6.0?
-
My ISP has no (at least public) plan for how to transition to the IPV6 era. The big issue seems to be the transition of the existing CPE plant via Toredo tunneling or similar, in parallel with introducing native IPV6 addresses for new subscribers and how all that is going to work. Don't even have an estimated date at this point. I don't think that Avast! is really behind on this, BTW, because of the uncertainties for the users.
As far as Airport mode, I wish this was just called HotSpot mode. It is what all of us travellers use, whether from a hotel or an airport or a commercial service or just somebody's open repeater. The key feature is that no one on your LAN is trusted, ever. Yet you need to install programs and function with a normal internet interface in spite of all that; you just don't share. And it can go on for long periods of time (months sometimes in my case).
Looks like we will all live in interesting times. :)
-
another thing (don't want to start another thread for this), I never had any explanation as to why this bit appears in the firewall help files. A "process control" section is supposed to exist in the firewall advanced settings ??? ;D where is it ??? ...okay joke apart, it that suppose to be implemented one day? this section of the help files has been there since the beginning of Avast5 (AIS). I guess this is supposed to trigger another type of alert and a way to work that the firewall obviously still doesn't have.
Process control
Here you can define which programs can, and cannot, run other applications that have access to the Internet or can connect with other computers on your network. This is useful as it can prevent an incoming connection from simply launching another application, which may then be used to perform unauthorized actions. This is a trick commonly used by hackers to collect personal or sensitive information without the user's knowledge.
If a program is not listed in either category, avast! will decide automatically whether or not the process should be allowed by carrying out various checks, for example whether the program that is trying to launch another application is a recognized program and one that would normally be expected to behave in this way.
-
But again, the firewall is being left aside.
+1
Even non-security related features aren't being added:
1. Possibility to see the file name/path and sort the applications.
2. Cleaning the applications rules for programs that does not exist anymore (temporaries).
3. Training/installation mode.
4. Ability to configure the alerts: TCP, UDP, ICMP, loopback.
5. Predefined policies.
etc.
-
another thing, IPV6 related: homegroup connections between W7 computers use IPV6, but I mentioned this before... well as long as you trust your friends on the LAN, np, otherwise leave Windows Firewall activated ;D
-
oh I just remembered Vlk saying about a year ago or so that many features that we requested about the firewall were already there, just not in the UI, just not activated... yet ... :-\
-
@ Tech, if you mean file path on the Application Rules page, you can just click "More Details" at the bottom of the page to view it. And I do not see the need for a training mode, the way it is now is just fine (imo).
Yet you need to install programs and function with a normal internet interface in spite of all that; you just don't share.
+1. That's what Public mode does now. that is, block all incoming connections, but I wouldn't mind a feature to block all new programs that's switchable in the expert settings.
oh I just remembered Vlk saying about a year ago or so that many features that we requested about the firewall were already there, just not in the UI, just not activated... yet ... :-\
Interesting, I wonder why ???
GG
-
Maybe for testing purposes. Hope the firewall will be improved in the future.
-
@ Tech, if you mean file path on the Application Rules page, you can just click "More Details" at the bottom of the page to view it.
No, it's not this. I want a grid, with columns, that I could sort, etc.
-
@ Tech, if you mean file path on the Application Rules page, you can just click "More Details" at the bottom of the page to view it.
No, it's not this. I want a grid, with columns, that I could sort, etc.
agreed, organization of firewall rules is absolutely terrible, i dont think ive ever used such an unorganized firewall rules list, i made a suggestion in the wishlist thread already about this and i hope it is improved.
-
Agreed, organization of firewall rules is absolutely terrible, i dont think ive ever used such an unorganized firewall rules list, i made a suggestion in the wishlist thread already about this and i hope it is improved.
Agree with your agree. :)
-
I would add to that that when several rules apply to a same app, as confirmed by alerts in "ask mode", it's all registered in rules.xml >>> there's not much to see in the UI ::) okay that's a concept, they wanted to keep the UI as simple and clean as possible, but it's not very useful.