Poll

(Solved) What do you want to happen when avast's behavioral blocker detects unusual program behavior?


Author Topic: A better behavioral blocker (avast! 5)  (Read 18871 times)

Offline ~Graven

  • Avast Evangelist
  • Poster
  • ***
  • Posts: 430
  • Gr6v3n
A better behavioral blocker (avast! 5)
« on: October 19, 2009, 09:09:52 AM »
I'm really into this behavior blocking feature, and I'm happy it will be added to avast 5.
But avast 5 won't give you any option to allow or deny a program (as far as I know).
I'm not really sure, I only wanted to post this poll to see what behavior of the behavior blocker you prefer... nothing more..
Thanks

MS Windows Vista Home Premium, AMD Athlon 64 X2 Dual Core Processor 4800+, 1GB RAM, NVIDIA GeForce 6150SE, MBAM, SAS, WinPatrol, Avast! Antivirus

~ I've got a barrier for myself, I'll let everything through unless I know the changes it might cause.

Offline Tarq57

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3694
  • If at first you don’t succeed; call it version 1.0
Re: A better behavioral blocker (avast! 5)
« Reply #1 on: October 19, 2009, 09:37:59 AM »
Sorry, there's always more.  ;D
I would like to see an allow/deny option, and a recommendation based on the type of behaviour appended. Or at least a bit more tech info on what the behaviour is likely to mean.

Simply letting the program decide should perhaps be an option in the settings, but should not be default. What if it gets it wrong, and for whatever reason explorer.exe is quarantined, and you reboot before noticing this?
WindowsXP Home SP3,Avast Free 5.1.889,Windows Firewall, Autorun Eater,Firefox w/Noscript+ /Adblock+/Better Privacy, IE8 all zones except MS Update set to "untrusted" settings,MVPS Host file.SecuniaPSI.

Offline pete319

  • Sr. Member
  • ****
  • Posts: 364
Re: A better behavioral blocker (avast! 5)
« Reply #2 on: October 19, 2009, 10:24:19 AM »
I for one would probably have trouble deciding what behavior to allow or deny.
I would assume avast would most likely have what behaviors to stop etc.
So I voted "Let them decide whether if the program will be allowed or denied".

Of course people with the knowledge would probably know what to deny or accept.
AMD Sempron[tm] Processor 2800+ 1.60 GHz...512 Mb Ram... XP Home SP3...Avast free 5.0.594......SpywareBlaster...Secunia PSI... and Malwarebytes antimalware on demand... Private Firewall 7.0.21.1...IE8 and Firefox 3.6.6

Offline ~Graven

Re: A better behavioral blocker (avast! 5)
« Reply #3 on: October 19, 2009, 10:55:19 AM »
Quote from: Tarq57
> Sorry, there's always more.  ;D
> I would like to see an allow/deny option, and a recommendation based on the type of behaviour appended. Or at least a bit more tech info on what the behaviour is likely to mean.
>
> Simply letting the program decide should perhaps be an option in the settings, but should not be default. What if it gets it wrong, and for whatever reason explorer.exe is quarantined, and you reboot before noticing this?

Oh, what I meant by "nothing more" is that they don't need to base their decisions on this poll.. I only want to know what your opinions are on the issue :D

~ I think I should edit my post and put "with recommendations" when choosing the allow/deny options

Offline RejZoR

  • Polymorphic Sheep
  • Serious Graphoman
  • *****
  • Posts: 9271
  • We are supersheep, resistance is futile!
    • RejZoR's Flock of Sheep
Re: A better behavioral blocker (avast! 5)
« Reply #4 on: October 19, 2009, 11:03:45 AM »
I don't mind Behavior Shield being DENY only for as long as it doesn't make mistakes and if they'll improve it for detection of binaries and not just very specific "entry points" as they call it. Main benefit of using Behavior Shield for everything is that you can seriously boost detection of new malware regardless of how it's obtained.
Visit my webpage RejZoR's Flock of Sheep

Offline YoKenny

  • Serious Graphoman
  • **
  • Posts: 8788
Re: A better behavioral blocker (avast! 5)
« Reply #5 on: October 19, 2009, 11:05:34 AM »
This is the same discussion as to the options on virus detection and letting the user permit known badness into their system because they think they know better.

People with knowledge + experience = Behavior blocking advice
E5200 2.5GHZ, 4GB RAM, 320GB HD, Windows 7 Home Premium 64bit, avast! V9.0 Free, IE10
P4 2.8GHZ, 1.5GB RAM, 40GB HD, XP Pro SP3 32bit, avast! V9.0 Free, Google Chrome
with hpHosts, MVPS HOSTS files, SpeedFan, WinPatrol PLUS

Offline ~Graven

Re: A better behavioral blocker (avast! 5)
« Reply #6 on: October 19, 2009, 11:09:26 AM »
Quote from: RejZoR
> I don't mind Behavior Shield being DENY only for as long as it doesn't make mistakes and if they'll improve it for detection of binaries and not just very specific "entry points" as they call it. Main benefit of using Behavior Shield for everything is that you can seriously boost detection of new malware regardless of how it's obtained.

But for me it's kinda impossible if avast won't make a single mistake..  :-\

Offline logos

  • Avast Überevangelist
  • Serious Graphoman
  • *****
  • Posts: 9443
Re: A better behavioral blocker (avast! 5)
« Reply #7 on: October 19, 2009, 11:15:05 AM »
I'm interested by this shield. Anyway, on the first error that it does, I'll stop it once for all. Can't leave an instance of any security program decide what is good or not by itself without making sure it's 100% secure for the system. If it's only 99.99%, I'll ditch it. To make it clear, if it blocks one time something that shouldn't be blocked, I'll stop it from running and won't even bother to try it again.
w7 - ais7

Offline YoKenny

Re: A better behavioral blocker (avast! 5)
« Reply #8 on: October 19, 2009, 11:27:26 AM »
I'm looking forward to the 0.01% error then maybe you will go away.

Offline logos

Re: A better behavioral blocker (avast! 5)
« Reply #9 on: October 19, 2009, 11:35:45 AM »
Quote from: YoKenny
> I'm looking forward to the 0.01% error then maybe you will go away.

got a problem with me kenny yo  ???  ;D

Offline RejZoR

Re: A better behavioral blocker (avast! 5)
« Reply #10 on: October 19, 2009, 12:20:41 PM »
I think they're going for the no mistakes but far less functionality. Like Network Shield. It never made a mistake, but it also had a very limited scope against malware types.

Offline ~Graven

Re: A better behavioral blocker (avast! 5)
« Reply #11 on: October 19, 2009, 12:30:34 PM »
Quote from: RejZoR
> I think they're going for the no mistakes but far less functionality. Like Network Shield. It never made a mistake, but it also had a very limited scope against malware types.

Huh? That's kinda sad to know.. I want the allow/deny options rather than having these limitations.. it will not help that much in malware detection.. :(

Offline logos

Re: A better behavioral blocker (avast! 5)
« Reply #12 on: October 19, 2009, 12:31:47 PM »
yeah I've been thinking about the network shield as well and it's true it doesn't make mistakes. But it's watching the network/connections, not the local system.

Offline ~Graven

Re: A better behavioral blocker (avast! 5)
« Reply #13 on: October 19, 2009, 12:36:02 PM »
Yeah, it's true it doesn't make any mistakes BUT I rarely notice it in action..
Oh no! Behavior blocker having these limitations? How about the thousands and thousands of rogue software and unknown malware..
haiiz  :(

Offline logos

Re: A better behavioral blocker (avast! 5)
« Reply #14 on: October 19, 2009, 12:42:32 PM »
That's off topic here, but I've seen the network shield in action not so long ago in avast4: it aborted a connection while I was attempting to click on a web site link already flagged by Google. It works well, that was the second or the third time I saw that. I also see it watching TweetDeck (an external Twitter application) constantly, when the web shield is limited to browsers (as far as I know). Tons of avatars are being temporarily downloaded and that's analysed by the network shield. It might not have settings in the UI, but it's a powerful feature I believe.
http://forum.avast.com/index.php?topic=49936.msg422583#msg422583

And I don't think it should be compared at all to the behavior shield. It's not the same purpose at all.