Avast WEBforum
Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: SCORPIONINBLUE on November 25, 2004, 09:57:45 PM
-
I'm quite sure of the answer to this question but I just want to know the facts, someone in a group I belong to was insisting that Avast has a firewall, he said it was great for removing worms. Now, I know that this is one of the functions of your anti-virus program, but he insists that he has a firewall from Avast!! Please confirm what I already know (just for my own satisfaction, I'm not going to get into a 'flame' war with this person about this). Thanks!!
Scorpioninblue
-
The network shield should not be considered as a firewall.
So the answer is no.
avast has no firewall.
-
Network Shield provides limited inbound protection, more to combat the usuall exploit ports. It doesn't provide any outbound protection.
I think Vlk and Technical have given good explanations of the function of the Network Shield.
Extract from the avast Help file:
Network Shield - Provider Settings
Network Shield provider protects your computer from Internet worm attacks. It works similarly to a firewall, even though it does not fully substitutes it. The Network Shield does not require any user interraction.
Note: This resident provider is available on Windows NT, 2000, XP, and 2003 only.
So you still require a firewall for outbound protection. XP's Firewall also doesn't provide outbound protection.
-
avast does not have a firewall and it's not a firewall.
A new resident protection module was added to avast! 4.5: the Network Shield. It is meant as a protection against known Internet worms/attacks. It analyses all network traffic and scans it for malicious contents. It can be also taken as a lightweight firewall (or more precisely, an IDS (Intrusion Detection System).
Network Shield protects you from internet worms that spread themselves via various security holes in your system. Typicaly these kind of viruses don't infect files but instead they attack running processes on your PC (either Windows components or some server programs like SQL Server, IIS etc.). These kind of attacks are not easily catched by ordinary antivirus during file or mail scanning. It is not a duplicate work with Standard Shield.
On anything of speed <= 100 mbps the performance penalty should be negligible (unless you have very old hardware). On gigabit/10gigabit networks it may slowi things down considerably though. Few people are using these speeds to access the Internet...
Basically, it covers all Internet worms. Such as Win32.CodeRed, Win32.SQLSlammer, Win32.Blaster, in32.Welchia (Nachi) and Win32.Sasser.
Messages like:
Network Shield: blocked "DCOM Exploit" - attack from 81.178.115.162:135/tcp
are due to the RPC/DCOM exploit, which is a vulnerability that allows an attacker to gain access to the destination machine by sending a malformed packet to the DCOM service. It uses the RPC TCP port 135.
-
Thanks evangelist and others for giving your fellow users a detailed description of the function of the Network Shield, I have mine set at high since I have been a victim of one of the worms you described. I'm sure many users was wondering and speculating on what the shields purpose is. You've really shed some clear light on this matter and probably saved yourselves a lot of questions!! ;D Especially from novice users like me!! Thanks again fellas!!
Scorpioninblue
-
Hi,
I think the "normal-high" slider does not have any effect on P2P and Network-Scanner settings. Is this right?
-
Setting the network shield to high or normal makes no difference.
I would just like to add that the network shield does not stealth/filter ports which a firewall would do or prevent people from connecting to your PC.
And also if you have a firewall in place then you would not get any of the network shield pop ups unless your firewall isnt configured properly or the network shield has loaded before the firewall.