Author Topic: Virtualization in Avast Pro 5.0-How Exactly Does It Work ?  (Read 6418 times)

Offline zron

  • Newbie
  • *
  • Posts: 18
Virtualization in Avast Pro 5.0-How Exactly Does It Work ?
« on: March 20, 2010, 05:36:42 PM »
Good afternoon! I'm using Avast Pro 5.0, so far very satisfied with its performance! But being a newbie in utilizing the Virtualization Process I'm wondering how exactly it performs. I'm using Firefox 3.6 and when I entered into Virtualization I noticed a thin red strip around the perimeter of Firefox, does this indicate it's activated? And as a footnote I tried entering I.E.8 but it wouldn't accept it. I'm using Windows 7. Could this be the reason? Sincerely... Zron

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67275
Re: Virtualization in Avast Pro 5.0-How Exactly Does It Work ?
« Reply #1 on: March 20, 2010, 07:37:44 PM »
Yes, the red border indicates virtualization.
The best things in life are free.

Offline baugmo

  • Newbie
  • *
  • Posts: 13
Re: Virtualization in Avast Pro 5.0-How Exactly Does It Work ?
« Reply #2 on: March 20, 2010, 11:52:24 PM »
My question is more like the topic title. I know what the red border means, and I know what virtualization means, but what does it mean in this context? I ran Firefox "virtualized" and couldn't tell any difference. For example when I downloaded a file it showed up in my download folder normally. What exactly is isolated?
« Last Edit: March 20, 2010, 11:56:36 PM by baugmo »

Offline pk

  • Avast team
  • Super Poster
  • *
  • Posts: 2084
Re: Virtualization in Avast Pro 5.0-How Exactly Does It Work ?
« Reply #3 on: March 21, 2010, 12:28:02 AM »
Quote
What exactly is isolated?

All file-system changes done by a sandboxed application are virtualized (these modified files are stored in a hidden folder in the root: "\## aswSnx private storage"). The folder can be made visible if you set HideTarget=0 in the "%avast data folder%\snx_lconfig.xml" file. File changes are cached in memory, so any unapproved file modifications in this hidden folder may lead to an "undefined" state. I think these attempts are also blocked by our driver (not sure right now). All registry changes are also virtualized (see the "HKEY_CURRENT_USERS\__aswSnx private storage" hive), all named objects (events, sections, ...) are virtualized (download winobj.zip to see Windows Object Manager namespaces), in-process communication (LPC/ALPC) is virtualized. Process/Thread/... modifications are blocked or limited. Windows names/classes/SCM/WinHooks will be virtualized in the next version.

Avast sandbox uses pre-defined exceptions for most browsers (see snx_gconfig.xml), i.e. bookmarks/cookies/history are excluded automatically from the virtualization, and everything you download (in the standard way, e.g. by using SaveAs dialogs, ...) is also excluded. However, every file which would be saved by malware is virtualized. We plan to add more options into expert settings in upcoming versions.
« Last Edit: March 21, 2010, 12:29:41 AM by pk »
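
A minimal model of the behaviour described in the reply above, added here as an illustration and not Avast's code: writes are redirected into a private storage directory, the sandboxed view reads its redirected copy first, and excluded locations pass straight through to the real disk. The class name, the temporary directory layout and the `downloads` exclusion are assumptions made for this example.

```python
import os
import tempfile


class RedirectingSandbox:
    """Toy redirect-on-write model (hypothetical; not how the Avast driver is built)."""

    def __init__(self, real_root, private_root, excluded=()):
        self.real_root = os.path.abspath(real_root)
        self.private_root = os.path.abspath(private_root)
        # Excluded subtrees (assumed here: a downloads folder) bypass virtualization.
        self.excluded = [os.path.join(self.real_root, e) for e in excluded]

    def _is_excluded(self, rel):
        path = os.path.join(self.real_root, rel)
        return any(os.path.commonpath([path, e]) == e for e in self.excluded)

    def write(self, rel, data):
        # Excluded paths reach the real file system; all other writes are redirected.
        root = self.real_root if self._is_excluded(rel) else self.private_root
        target = os.path.join(root, rel)
        os.makedirs(os.path.dirname(target), exist_ok=True)
        with open(target, "wb") as fh:
            fh.write(data)
        return target

    def read(self, rel):
        # The sandboxed view prefers its private copy, then falls back to the real file.
        private = os.path.join(self.private_root, rel)
        use_private = os.path.exists(private) and not self._is_excluded(rel)
        source = private if use_private else os.path.join(self.real_root, rel)
        with open(source, "rb") as fh:
            return fh.read()


def demo():
    """Run the model on constructed sample files in a temporary directory."""
    base = tempfile.mkdtemp()
    real, private = os.path.join(base, "real"), os.path.join(base, "private")
    os.makedirs(os.path.join(real, "system"))
    with open(os.path.join(real, "system", "hosts"), "wb") as fh:
        fh.write(b"original")
    box = RedirectingSandbox(real, private, excluded=["downloads"])
    box.write("system/hosts", b"tampered")            # redirected to private storage
    box.write("downloads/file.zip", b"sample bytes")  # excluded, lands on the real disk
    with open(os.path.join(real, "system", "hosts"), "rb") as fh:
        host_view = fh.read()
    return {
        "sandbox_view": box.read("system/hosts"),
        "host_view": host_view,
        "private_copy": os.path.exists(os.path.join(private, "system", "hosts")),
        "download_on_host": os.path.exists(os.path.join(real, "downloads", "file.zip")),
    }
```
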

Offline baugmo

  • Newbie
  • *
  • Posts: 13
Re: Virtualization in Avast Pro 5.0-How Exactly Does It Work ?
« Reply #4 on: March 21, 2010, 01:11:05 AM »
<profanity suppressed>!

Wow! (that'll have to do)

Benefits of virtualization w/o the PITA, transparently. Very like.

I just bought a two year license for AIS.

Thanks pk. Good answer! Quick too.

--
     Baugmo

Offline Rednose

  • Pirate Party Member
  • Avast Überevangelist
  • Massive Poster
  • *****
  • Posts: 3624
  • Bits of Freedom : https://www.bof.nl
    • Nederlandstalig Avast! forum
Re: Virtualization in Avast Pro 5.0-How Exactly Does It Work ?
« Reply #5 on: March 21, 2010, 01:33:05 AM »
Heya Peter :)

Any idea when we can expect an update my friend ??? Also because of the issue with downloading files if you uncheck "Automatically detect safe locations and exclude them from virtualization" ;)

Greetz, Red.
OS: Win 7 x64 SP1 / Ubuntu / Qubes OS / iOS
Real Time: Avast Premier Beta + AMS for iOS Beta WinPatrol Plus Unchecky MCShield  HOSTS File: MVPS + MDL
On Demand: MBAM SUMo
Backup: Win 7 Image
Proxy: ASL VPN's Socks 5 Tor