Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: tultalk on May 20, 2011, 09:27:39 PM

Title: Where did sandbox come from
Post by: tultalk on May 20, 2011, 09:27:39 PM
Hi:

   I have an app running on client machine. Yesterday I got a call that all the stuff they had put in the database over the last few days is missing.

   I went to clients office today and when I started the app up came this dialog warning me about the app and talking about sand box. I selected run normally from the drop down and the app proceeded to open. The app GUI was surrounded by a bright red line. 
Never saw this before. I asked the client about the dialog and they said they didn't know what it was and clicked Ok thus running in the sandbox and discarding all their input. I was shocked.

   I have never seen anything like this and whoever designed it to function like this deserves the stupid programmer award.
After disabling this feature, I came back to my office and check the versions of Avast on my 2 other computers. Neither has this option. Where did it come from and on what version?

   Did it ever occur to you to not install it in an enabled condition and pop up a dialog explaining what it is and asking if the user wants this running??

   I spent 4 hours with the client inputting the data that was lost to this stupid improvement.

   Are you using Chines programmers?
Title: Re: Where did sandbox come from
Post by: RejZoR on May 20, 2011, 10:17:22 PM
I guess they missed the thick red edge around the sandboxed programs...
Title: Re: Where did sandbox come from
Post by: Rednose on May 20, 2011, 10:29:33 PM
Well, it seems that your client doen't read pop up dialogs ::)

Greetz, Red.
Title: Re: Where did sandbox come from
Post by: DBone on May 20, 2011, 11:26:46 PM
Sounds like the OP needs to do a better job of learning and understanding the software he is installing on his clients machines, and then, the OP needs to do a better job of explaining to his clients how to use the software.
Title: Re: Where did sandbox come from
Post by: Dch48 on May 20, 2011, 11:33:47 PM
Quote
I selected run normally from the drop down and the app proceeded to open. The app GUI was surrounded by a bright red line.

This is not possible unless the client told it to run sandboxed and then,and only then, also told avast to remember the answer. (But, this is not possible either since the option to remember is greyed out if you choose to run the app sandboxed) If you click on run normally, there will be no red border around the apps gui and the program will function fully.

The auto sandboxing was added in version 6.0.
Title: Re: Where did sandbox come from
Post by: SafeSurf on May 21, 2011, 01:15:11 AM
This link will give you (OP) more information about the Sandbox feature so that you can educate yourself and your clients: https://support.avast.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=787&nav=0,2 (https://support.avast.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=787&nav=0,2).

Please let us know if you have any additional questions.  Thank you.
Title: Re: Where did sandbox come from
Post by: Rednose on May 21, 2011, 01:51:24 AM
Well, I am not eager to help the OP, because he is not only insulting Petr as the Sandbox developer, but Chinese people as well :(

Greetz, Red.
Title: Re: Where did sandbox come from
Post by: Jack 1000 on May 21, 2011, 02:29:49 AM
Well, I am not eager to help the OP, because he is not only insulting Petr as the Sandbox developer, but Chinese people as well :(

Greetz, Red.

I agree Red,

There was such anger in his post and he had only one post, so I was concerned he might be a troll.  The Sandbox is a wonderful feature!  It provides protection for programs that might be suspicious, but have not yet been confirmed as viruses.  Sandboxing, in Avast 6, allows the users to either prompt (default), auto-run, or disable working with files of this nature.  When sandboxed, the system and your identity cannot be harmed.  When you close the program, it "disappears" from the sandbox and system, like it was never there.  This is part of Avast's virtualized environment.  A barrier that protects you the user, and your files.

Jack
Title: Re: Where did sandbox come from
Post by: Dch48 on May 21, 2011, 04:48:17 AM
Not to mention that the example he gives can not possibly happen in the first place.
Title: [RESOLVED] Re: Where did sandbox come from
Post by: SafeSurf on May 21, 2011, 10:08:58 AM
Then perhaps we should no longer respond in this thread and close it since the OP has not returned.
Title: [RESOLVED] Re: Where did sandbox come from
Post by: Jack 1000 on May 21, 2011, 10:43:32 AM
Then perhaps we should no longer respond in this thread and close it since the OP has not returned.

I agree!

Jack
Title: Re: Where did sandbox come from
Post by: pk on May 21, 2011, 02:03:13 PM
In my opinion, autosandbox warning box is shown for a lot of applications very often and I think heuristic is too strict. Unfortunately, vlk & other viruslab guys do this on purpose (marketing). I'd like to see autosnx box only when avast is really not sure about the application which is going to be executed. I'm sure, most our avast free users (where autosnx feature is included) don't have a clue what's the sandbox and how it works. They just need silent antivirus, running in background and without additional configuration - showing annoying popups don't really help.
Title: Re: Where did sandbox come from
Post by: RejZoR on May 21, 2011, 02:43:28 PM
Interesting. I'm not seeing all that much popups. So far the only problematic stuff were Adobe Flash based games on Steam (like Machinarium or Windosill). Those usually trigger Auto Sandbox dialog. But if you think of it, Flash content running in browser and executed through Steam. I'd be suspicious as well.
But certainly this requires refinement over time to make less popups when not needed like you pk suggested.
Title: Re: Where did sandbox come from
Post by: DavidR on May 21, 2011, 05:02:05 PM
I don't see the autosandbox that frequently on my two systems Desktop XP Pro and netbook win7.

I have downloaded lots of small applications/tools, etc. and or updates and running them on the XP Pro system seems to bring up more autosandbox pop-ups than the win7 netbook.

This is strange as frequently I just copy the app/tool onto a USB stick and install it on the win7 netbook from the USB. I would have thought that in doing it this way I would get more autosandbox pop-ups rather than less.
Title: Re: Where did sandbox come from
Post by: Asyn on May 21, 2011, 05:13:34 PM
Unfortunately, vlk & other viruslab guys do this on purpose (marketing).

Oh oh oh... :-\

Interesting. I'm not seeing all that much popups.

+1
Could be that D+ is faster here, though..!?? ;)
Title: Re: Where did sandbox come from
Post by: Vlk on May 21, 2011, 07:25:19 PM
In my opinion, autosandbox warning box is shown for a lot of applications very often and I think heuristic is too strict. Unfortunately, vlk & other viruslab guys do this on purpose (marketing).

Marketing? I'm not sure what you mean here, i.e. how would it help avast (in any way) if the autosandbox popups were too frequent (or inaccurate).
 
The algorithm is being fine-tuned continuously, and also, before a new heuristics method is added, we also test it quite extensively (i.e. once we implement the algorithm, we deploy it to the user base, but instead of popping up the autosandbox offer we just report about the samples so that we can check what they are and whether the detection is accurate.

On the other hand, I'd like to add an easier way to report autosandbox false positives (i.e give users a simple way to report FPs directly from the offer dialog).

Thanks
Vlk
Title: Re: Where did sandbox come from
Post by: MAG on May 21, 2011, 07:32:12 PM
In my opinion, autosandbox warning box is shown for a lot of applications very often and I think heuristic is too strict. Unfortunately, vlk & other viruslab guys do this on purpose (marketing).

Marketing? I'm not sure what you mean here,

pk can explain what he meant, but as a reader I assumed he meant improved detection rate in independent tests.

I'm not sure if an unnecessaryuser prompt is counted as a FP in those tests or not though - ie if there's a downside)
Title: Re: Where did sandbox come from
Post by: pk on May 21, 2011, 07:46:46 PM
Well, as for me I'd like to see popups only for very suspicious applications. When such application will be executed in sandbox, tiny popup on right side of screen should notify user that app was executed in sandbox. When it terminates itself, another popup should tell user how many operations were suspicious/blocked and show user-friendly information report.
Title: Re: Where did sandbox come from
Post by: DavidR on May 21, 2011, 08:09:51 PM
<snip>
The algorithm is being fine-tuned continuously, and also, before a new heuristics method is added, we also test it quite extensively (i.e. once we implement the algorithm, we deploy it to the user base, but instead of popping up the autosandbox offer we just report about the samples so that we can check what they are and whether the detection is accurate.

On the other hand, I'd like to add an easier way to report autosandbox false positives (i.e give users a simple way to report FPs directly from the offer dialog).

Isn't this really were the avast ComminityIQ should come in, for every alert/notification of the autosandbox, shouldn't that information be passed up the CommunityIQ chain ?

Diving slightly off topic, but still on the FP and CommunityIQ theme, anti-rootkit suspicious alerts have been on the rise with a number of FPs reported in the topics. This too is an area that it needs to be easier for users to report possible FPs. Currently that is non-existent and I don't know what happens in relation to the CommunityIQ and suspicious anti-rootkit pop-ups ?
Title: Re: Where did sandbox come from
Post by: DavidR on May 21, 2011, 08:13:30 PM
Well, as for me I'd like to see popups only for very suspicious applications. When such application will be executed in sandbox, tiny popup on right side of screen should notify user that app was executed in sandbox. When it terminates itself, another popup should tell user how many operations were suspicious/blocked and show user-friendly information report.

Whilst that would be good, up to a point.

But the problem is that the user isn't aware that what happens in the autosandbox is lost at the end of the autosandbox session (part of the OPs irate post). Any installation as such isn't happening in the real environment and the user wonders why his program hasn't installed.
Title: Re: Where did sandbox come from
Post by: Asyn on May 21, 2011, 08:13:42 PM
Isn't this really were the avast ComminityIQ should come in, for every alert/notification of the autosandbox, shouldn't that information be passed up the CommunityIQ chain ?

Good question..!
I also thought it would/should do that...???
Title: Re: Where did sandbox come from
Post by: Jack 1000 on May 21, 2011, 08:51:14 PM
Interesting. I'm not seeing all that much popups. So far the only problematic stuff were Adobe Flash based games on Steam (like Machinarium or Windosill). Those usually trigger Auto Sandbox dialog. But if you think of it, Flash content running in browser and executed through Steam. I'd be suspicious as well.
But certainly this requires refinement over time to make less popups when not needed like you pk suggested.

I have seen one pop up with Version 6, and Virus Total had 1/40 listed for this file.  I wasn't sure about it, so I sent it to the lab.  A few weeks later, I scanned the file from the Chest and it came up clean.  When I opened it, Avast told me it was going to be sandboxed. (Have my setting set to Auto.)

I was grateful for this, because the lab probably thought the file MIGHT be safe.  (I sent the Virus Total Report too), but just to be sure, they sandboxed it.

Let's say that a file is restricted in the sandbox.  Can certain parts of the program or file not run because it is sandboxed?  If you sandbox a program, especially in Avast Pro or IS, does the sandboxed program get installed to the Add/Remove Programs List?  Or does the program not do that, because of it being virtualized?  I know everything goes away when the program is closed.

Now that we have a good discussion here, we should keep this topic open.

Jack
Title: Re: Where did sandbox come from
Post by: Asyn on May 21, 2011, 08:58:10 PM
Jack, are you talking about ASB or SB or are you mixing these two..??
The last replies were all related to the ASB. ;)
Title: Re: Where did sandbox come from
Post by: Nesivos on May 21, 2011, 09:15:29 PM
In my opinion, autosandbox warning box is shown for a lot of applications very often and I think heuristic is too strict. Unfortunately, vlk & other viruslab guys do this on purpose (marketing). I'd like to see autosnx box only when avast is really not sure about the application which is going to be executed. I'm sure, most our avast free users (where autosnx feature is included) don't have a clue what's the sandbox and how it works. They just need silent antivirus, running in background and without additional configuration - showing annoying popups don't really help.

AutoSandbox wanted me to sandbox "RadioSure".   So I checked it out on "Virustotal" and they agreed.  So now I run RadioSure Virtualized.

Avast knows the truth! :)
Title: Re: Where did sandbox come from
Post by: Asyn on May 21, 2011, 09:24:00 PM
AutoSandbox wanted me to sandbox "RadioSure". So I checked it out on "Virustotal" and they agreed.  So now I run RadioSure Virtualized.

How did VT agree..???
If it is malware don't run it at all..!!!
Title: Re: Where did sandbox come from
Post by: Nesivos on May 21, 2011, 09:32:58 PM
AutoSandbox wanted me to sandbox "RadioSure". So I checked it out on "Virustotal" and they agreed.  So now I run RadioSure Virtualized.

How did VT agree..???
If it is malware don't run it at all..!!!


found something called potential malware or some such thing.

Besides the music options are too great not to take the small risk.  I had actually used it for years before I had the Avast Sandboxing feature and have never had a problem to my knowledge ??? that resulted from it.

How can you not love 1 Club.FM Bar Rockin' Blues :) :)  That station cooks bigtime
Title: Re: Where did sandbox come from
Post by: Gargamel360 on May 21, 2011, 09:35:10 PM
How did VT agree..???
If it is malware don't run it at all..!!!
LOL, +1



Title: Re: Where did sandbox come from
Post by: Asyn on May 21, 2011, 09:44:57 PM
found something called potential malware or some such thing.
Besides the music options are too great not to take the small risk. 

:o ::) ;D :( :-X 8)
Title: Re: Where did sandbox come from
Post by: Jack 1000 on May 21, 2011, 10:28:44 PM
Jack, are you talking about ASB or SB or are you mixing these two..??
The last replies were all related to the ASB. ;)


Well,

For my story, I only have Avast 6 Free, so I mean the SB. (Regular Sandbox)  Sorry for the confusion!

I can try to explain:

In Avast Free: Any program that Avast determines to be suspicious can run in the Sandbox.  Users can select "Ask" (default), "Auto", or "Off."  The program or file is isolated from the system/user so it cannot harm anything when in the sandbox.  In the Free version, only files/programs deemed by Avast to be suspicious get flagged for the Sandbox.

In Avast Pro/Internet Security: (Paid Versions) I understand that you have the same prompts, but an added feature is that you can right-click in the content menu or in settings and manually choose to run ANY program or file in the Sandbox.  I think you can also change Avast settings to sandbox everything you open, over-riding manual control.  The "Open Everything" in sandbox may strain your computer RAM and other resources because of the amount of checking and security integration that Avast has to do.  Some critics say that sandboxing everything is a little too paranoid, but its there in the paid versions of Avast if you want it.

I understand there is also a program called Sandboxie, that I think is free to try, and $30 to buy.  It's like the paid version of Avast where anything any everything could run in a virtulized environment.  I am happy with the free version of Avast and I also use WOT and Virus Total to help guide me away from suspicious sites and files.

Jack
Title: Re: Where did sandbox come from
Post by: Asyn on May 22, 2011, 08:54:37 AM
I only have Avast 6 Free, so I mean the SB. (Regular Sandbox)

No, you mean the AutoSandbox (ASB)..!! ;)