Author Topic: Resource use of Network monitor, IM shield and P2P shield  (Read 4622 times)

0 Members and 1 Guest are viewing this topic.

Offline Lars-Erik

  • Avast Evangelist
  • Sr. Member
  • ***
  • Posts: 394
    • Lars-Erik Østerud
Resource use of Network monitor, IM shield and P2P shield
« on: January 10, 2007, 01:07:52 AM »
When I start these 3 services the RAM usage doesn't change anything. Neither is there any new processes. How do these three work? Since they have to be installed they are obviously not included in the Standard or Web shield, so where are they?

BTW: After installing Network shield I had to reinstall Comodo firewall :-(

BTW2:  If I have a NAT router with a firewall, and use all the shields in avast!, do I then really need a software firewall at all (since the router hides the ports, and avast! scans the programs trying to communicate with the network/im/p2p/mail/web scanners)?
www.osterud.name - ICQ: 7297605 - AIM/Yahoo/Facebook/Skype/Astra: LarsErikOsterud

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67247
Re: Resource use of Network monitor, IM shield and P2P shield
« Reply #1 on: January 10, 2007, 01:48:47 AM »
When I start these 3 services the RAM usage doesn't change anything. Neither is there any new processes. How do these three work? Since they have to be installed they are obviously not included in the Standard or Web shield, so where are they?
I'm curious to learn too...

BTW: After installing Network shield I had to reinstall Comodo firewall :-(
I've installed, uninstalled, both Comodo and avast... I've never had any trouble with these two...

BTW2:  If I have a NAT router with a firewall, and use all the shields in avast!, do I then really need a software firewall at all (since the router hides the ports, and avast! scans the programs trying to communicate with the network/im/p2p/mail/web scanners)?
As far I know, only if you want to monitor, log, etc. the outbound connections.
The best things in life are free.

Offline Lars-Erik

  • Avast Evangelist
  • Sr. Member
  • ***
  • Posts: 394
    • Lars-Erik Østerud
Re: Resource use of Network monitor, IM shield and P2P shield
« Reply #2 on: January 10, 2007, 09:08:33 AM »
But won't the avast! network shield monitor known dangerous outgoing programs (isn't that what it is doing). And dangerous programs that do act as servers or send data out without my knowledge should be in the virus database as well (trojans), right? So they should really be detected before they start sending anything, right?
www.osterud.name - ICQ: 7297605 - AIM/Yahoo/Facebook/Skype/Astra: LarsErikOsterud

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11805
    • AVAST Software
Re: Resource use of Network monitor, IM shield and P2P shield
« Reply #3 on: January 10, 2007, 10:08:25 AM »
Most of the functionality of these shields is in:
1. avast! drivers - which are probably loaded anyway, and you don't see them in RAM usage
2. ashServ.exe - which is probably loaded anyway (because of the other providers)
The "installed" part of these providers is mostly their gui (for the On-access scanner console) and some a small control module - which has so small memory usage that you probably don't notice anyway.

The Network Shield, in my opinion, handles only incoming connections, not outgoing.

Offline Lars-Erik

  • Avast Evangelist
  • Sr. Member
  • ***
  • Posts: 394
    • Lars-Erik Østerud
Re: Resource use of Network monitor, IM shield and P2P shield
« Reply #4 on: January 10, 2007, 10:21:14 AM »
So with a NAT firewall (or software firewall) then the network shield is no point?

Will the standard scanners in avast! detect trojans that send data out from the system (making the "application monitor" part of a firewall no point). I'm looking into if I really need a software firewall as long as I have a NAT router with firewall and avast!
www.osterud.name - ICQ: 7297605 - AIM/Yahoo/Facebook/Skype/Astra: LarsErikOsterud

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67247
Re: Resource use of Network monitor, IM shield and P2P shield
« Reply #5 on: January 10, 2007, 12:00:31 PM »
So with a NAT firewall (or software firewall) then the network shield is no point?
Basically, you're right. You can disable the Network shield if you have a firewall. It's good to have your operational system updated too.
But, like Igor said, at driver level, it won't take resources if it is on...

Will the standard scanners in avast! detect trojans that send data out from the system (making the "application monitor" part of a firewall no point). I'm looking into if I really need a software firewall as long as I have a NAT router with firewall and avast!
Well, sometimes avast will take time to update the signatures and detect the trojan behavior. Layered defense will ask you to get the protection of the firewall and know what is happening in your computer, which parent application is sending data from your computer.

As far I know, only if you want to monitor, log, etc. the outbound connections.

The Network Shield, in my opinion, handles only incoming connections, not outgoing.

I'm glad my guesses get confirmed  8)
The best things in life are free.

Offline alanrf

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3866
  • Just an avast user
Re: Resource use of Network monitor, IM shield and P2P shield
« Reply #6 on: January 10, 2007, 12:29:25 PM »
I may be wrong (would not be the first time) but I have assumed that the only real outbound scanning function of avast that really did anything was the outbound scanning of email and the ability of avast (at high setting of the Internet Mail provider) to catch excessive outbound email transmissions.

As for NAT router vs software firewall ... I would point you to the oft repeated advice from DavidR in these forums.  If an infection gets into your system and starts to send out your bank account passwords, details of your email passwords etc ... your NAT router will happily allow them through without the merest hint of upsetting your day.  A software firewall with outbound restrictions (unlike the current Windows XP firewall) should be alerting you and seeking your approval for all outbound connections and giving you the chance to wonder why stealingyourpassword.exe  would be seeking outbound internet access.     

Offline Lars-Erik

  • Avast Evangelist
  • Sr. Member
  • ***
  • Posts: 394
    • Lars-Erik Østerud
Re: Resource use of Network monitor, IM shield and P2P shield
« Reply #7 on: January 10, 2007, 12:40:09 PM »
But many expert claims that if a program want to send data out it easu to get passed the software firewalls anyway, so that is really false feeling of security. It's a huge discussion on this in the "firewalls" newsgroup (on usenet). And that a software firewall will only catch well-behaved applications (and those won't try anything like that anyway)
www.osterud.name - ICQ: 7297605 - AIM/Yahoo/Facebook/Skype/Astra: LarsErikOsterud

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67247
Re: Resource use of Network monitor, IM shield and P2P shield
« Reply #8 on: January 10, 2007, 02:54:54 PM »
But many expert claims that if a program want to send data out it easu to get passed the software firewalls anyway
If the firewall is not well set... and, indeed, in many times this is what happens  :'(

So that is really false feeling of security.
Fully agree. In some computers, with people with some habits, on-demand scanning of spywares/adwares and good browsers (and their settings), you'll be better than using a firewall.

It's a huge discussion on this in the "firewalls" newsgroup (on usenet). And that a software firewall will only catch well-behaved applications (and those won't try anything like that anyway)
Yes... this is the case in many times (for instance, ZoneAlarm).
Because of this, Comodo is receiving better grades in reviews. It tries to monitor non-good-applications behavior  ;)
The best things in life are free.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 85779
  • No support PMs thanks
Re: Resource use of Network monitor, IM shield and P2P shield
« Reply #9 on: January 10, 2007, 05:57:23 PM »
But many expert claims that if a program want to send data out it easu to get passed the software firewalls anyway, so that is really false feeling of security. It's a huge discussion on this in the "firewalls" newsgroup (on usenet). And that a software firewall will only catch well-behaved applications (and those won't try anything like that anyway)

That may well be true of some firewalls but not all software firewalls. Not every piece of malware, trojan downloader or backdoor, etc. is going to be trying to do this and something in the way of outbound protection is always going to be better than nothing at all.

So if you are happy to leave the door wide open and not even bother to close the door then you have to expect people to use it. A burglar might break in through a window but they often leave through the door. However, it is your system and your choice who to listen to and what to do.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.8.2487 (build 21.8.6586.697) UI 1.0.666/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline Vlk

  • Avast CEO
  • Serious Graphoman
  • *
  • Posts: 11664
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
Re: Resource use of Network monitor, IM shield and P2P shield
« Reply #10 on: January 10, 2007, 06:00:16 PM »
1. Network, Standard, P2P and IM Shields are implemented inside a kernel-mode driver so you won't see any RAM usage changes or anything...

2. RE Outboud protection of firewalls: I dare to disagree on this one. I don't think it's a false sense of security, if taken with a grain of salt (as always). It is not very easy to bypass a good firewall with outbound protection - if we're talking about CLASSIC malware/spambots/backdoors etc. (that is, such a firewall can indeed be very efficient weapon against those). But of course, it's almost impossible to prevent leaking of ANY data (except for disconnecting the machine from the network) -- for a nice writeup, have a look e.g. here: http://en.wikipedia.org/wiki/Steganography


Cheers
Vlk
If at first you don't succeed, then skydiving's not for you.