Author Topic: Is Avast firewall good enough?  (Read 29108 times)

psikofunkster

  • Guest
Re: Avast firewall is a joke.
« Reply #15 on: May 05, 2010, 01:00:15 AM »
HIPS can't be helpful in those situations?

HIPS can be helpful in those situations IF the user selects the correct answer to the prompt. That IF is the main point of failure here. If you answer allow to all, it won't help you. If you answer deny to all, you'll kill your operating system sooner or later. And if you can choose a correct answer, you presumably don't need any HIPS at all.  ;D

Agree.  ;D
And they are very annoying too, all those pop-ups.

Thanks everybody, uninstalling Comodo and reinstalling Avast firewall now.

doktornotor

  • Guest
Re: Is Avast firewall good enough?
« Reply #16 on: May 05, 2010, 01:05:20 AM »
Enjoy...  And - if you later on decide to reinstall Comodo or any other firewall/HIPS to get more pop-ups, make sure to uninstall AIS first and replace it with Avast Free or Pro. Never run two AVs or FWs at the same time. ;)

psikofunkster

  • Guest
Re: Is Avast firewall good enough?
« Reply #17 on: May 05, 2010, 01:10:05 AM »
Quote
Enjoy...  And - if you later on decide to reinstall Comodo or any other firewall/HIPS to get more pop-ups, make sure to uninstall AIS first and replace it with Avast Free or Pro. Never run two AVs or FWs at the same time. ;)

Yes, I know two firewalls at the same time is not good; however, I paid for 1 year of AIS that doesn't include Avast Pro.

But when using Avast firewall, the Windows 7 firewall is still active...

doktornotor

  • Guest
Re: Is Avast firewall good enough?
« Reply #18 on: May 05, 2010, 01:11:43 AM »
Quote
But when using Avast firewall, the Windows 7 firewall is still active...

Is it? Sounds like an install bug if it wasn't automatically disabled on install. You should disable it manually meanwhile.

Hermite15

  • Guest
Re: Is Avast firewall good enough?
« Reply #19 on: May 05, 2010, 01:11:55 AM »
@ the OP: ;D if you got AIS you got the pro functions ;) (i.e. virtualization and script shield)

Adding Avast firewall doesn't deactivate Windows firewall automatically at setup time, that's not a bug. You must do that manually.
« Last Edit: May 05, 2010, 01:14:13 AM by Logos »

doktornotor

  • Guest
Re: Is Avast firewall good enough?
« Reply #20 on: May 05, 2010, 01:13:42 AM »
Quote
if you got AIS you got the pro functions (i.e. virtualization and script shield)

Well, yes... but, there may be situations when people decide to "downgrade" to AV Pro. Would be useful if the AIS license worked for that situation. I know for a fact that ESET's licenses work like this. You can use ESS license for NOD32.

psikofunkster

  • Guest
Re: Is Avast firewall good enough?
« Reply #21 on: May 05, 2010, 01:14:47 AM »
Quote
if you got AIS you got the pro functions (i.e. virtualization and script shield)

Well, yes... but, there may be situations when people decide to "downgrade" to AV Pro. Would be useful if the AIS license worked for that situation. I know for a fact that ESET's licenses work like this. You can use ESS license for NOD32.

And does it work?

OK, I'm gonna try to disable the Windows 7 firewall...

doktornotor

  • Guest
Re: Is Avast firewall good enough?
« Reply #22 on: May 05, 2010, 01:16:51 AM »
Quote
Adding Avast firewall doesn't deactivate Windows firewall automatically at setup time, that's not a bug. You must do that manually.

Well... I guess we've agreed that it's not advisable to run two firewalls at the same time. So - how's the above not a bug?

Quote
And does it work?

The AIS license for Avast Pro? Well, as said, no....

Hermite15

  • Guest
Re: Is Avast firewall good enough?
« Reply #23 on: May 05, 2010, 01:17:41 AM »
Before the question arises: don't listen to people that will tell you to keep Windows firewall on, especially in Seven, just turn it off.

Hermite15

  • Guest
Re: Is Avast firewall good enough?
« Reply #24 on: May 05, 2010, 01:22:33 AM »
Quote
Adding Avast firewall doesn't deactivate Windows firewall automatically at setup time, that's not a bug. You must do that manually.

Well... I guess we've agreed that it's not advisable to run two firewalls at the same time. So - how's the above not a bug?

Because Avast doesn't want it to be done automatically. There have been a few threads, with partially wrong statements... Someone from Avast stated that Windows firewall should be left running because it does extra-firewall things (IPsec)... almost no problem so far (except that I wouldn't leave two firewalls on anyway, whatever the reason is)... and the argument was that if you disable Windows firewall you disable IPsec at the same time. Unfortunately true on XP and Vista, but not on Seven where IPsec keeps running when the native firewall is off.

edit:
Coexistence with third-party firewalls

Quote
Windows Firewall with Advanced Security consists of a set of services that provide much more than the traditional firewall. IPsec connection security rules, network service hardening, boot time filters, firewall filters, and stealth filters are all services provided by Windows Firewall with Advanced Security in Windows 7 and Windows Server 2008 R2. Because multiple firewall programs can be problematic due to conflicts, if you install a third-party firewall program, you need to turn off the Windows Firewall. In previous versions of Windows, turning off the firewall meant also disabling all of the related services. If the third-party program does not provide all of the same functionality, then you might be unintentionally exposing your computer to threats for which you no longer have protection. In Windows Server 2008 R2 and Windows 7, Windows Firewall with Advanced Security enables more specific disabling of its features through published application program interface (API) calls. When a third-party firewall program is installed, the installer can disable only those portions of Windows Firewall with Advanced Security that conflict with the services that are provided by the third-party program. Other Windows Firewall with Advanced Security services are left enabled, and continue to help protect your computer.


http://technet.microsoft.com/en-us/library/cc755158%28WS.10%29.aspx
« Last Edit: May 05, 2010, 01:29:51 AM by Logos »

sded

  • Guest
Re: Avast firewall is a joke.
« Reply #25 on: May 05, 2010, 01:23:08 AM »
A firewall is concerned with ports and protocols to prevent connections that might cause something undesirable to get into (or out of) your machine or even take over your machine.  This really has nothing to do with the HIPS cases that are part of a leak test.  Very simply, a HIPS looks for behavior by something inside your computer that could indicate it is malware.  Generally there is a whitelist of trusted programs to cut down on the effort.  When a HIPS sees a process try to do something indicated in the attachment (typical list), it generates a popup to ask you for permission to do it.  If you have a good understanding of Windows processing (and are willing to wade through a lot of popups) it can be a very effective tool.  Do you feel comfortable judging that a process that does one or more of these is malware or not?  The problem is that most of the processes you will see trying to do these things are not malware, just programs that perform sophisticated enough processing to need to do them.  So it is your decision whether the process doing these things is malware or not.  This is the issue many have with the leak tests.  The test cases used are such that to do well on a leak test you must do two things:
1) Generate enough popups that every test case will produce at least one - this is what doktornotor was referring to as the flood of popup warnings
2) Be aware that "block" is always the right answer, since everything there is malware - sort of like the monkey knowing which button gives him food
But in the real world, most of what you see that gives popups will not be malware, and it is up to you to decide which one you are seeing.  This is not to say that the leak tests are worthless - they do often indicate things that malware could do that users should watch out for.
Avast! (and some other firewalls) instead take the approach that the system must protect the user.  Avast! includes an advanced Behavior Blocker and heuristics in the AV portion (which is not even tested by the leak testers, but is a kind of limited automated HIPS) so that the user does not need to make all the decisions - the rules are updated several times a day as part of the database updates.  Limited user rights and other techniques can also help.  BTW, Comodo also alludes to adding a Behavior Blocker sometime next year to cut down on the popups and do whatever they can.
So with a HIPS in the hands of a sophisticated user (or the monkey, if this is a leak test) you get the popups necessary for you to decide whether the process is or is not doing things you expect it to, and can block it if necessary.  And varying degrees of sometimes helpful information in the popups.  The downside is that the popups are a PITA and in the real world the HIPS often trains you instead, since most all of the popups you see are NOT malware and you need to keep hitting allow to make your system function properly.  But a Behavior Blocker is not perfect either; just eliminates some of the dumber things a user might do.  So a trade and a lot of arguments that may go on forever.
« Last Edit: May 05, 2010, 09:29:51 PM by sded »

psikofunkster

  • Guest
Re: Is Avast firewall good enough?
« Reply #26 on: May 05, 2010, 01:33:05 AM »
Quote
Before the question arises: don't listen to people that will tell you to keep Windows firewall on, especially in Seven, just turn it off.

OK, deactivated.

Yes, I remember reading that statement that you can have both firewalls running (Windows 7 and Avast) so I've been running two firewalls all this time.... :-\

Thanks sded too for your comment, I'm reading it now.
« Last Edit: May 05, 2010, 01:37:31 AM by psikofunkster »

doktornotor

  • Guest
Re: Is Avast firewall good enough?
« Reply #27 on: May 05, 2010, 01:38:19 AM »
Quote
Because Avast doesn't want it to be done automatically. There have been a few threads, with partially wrong statements... Someone from Avast stated that Windows firewall should be left running because it does extra-firewall things (IPsec)...

Erm... what's the % of AIS users who use IPSec? Close to zero is a safe bet I'd say.

edit:
Coexistence with third-party firewalls

Quote
network service hardening, boot time filters, firewall filters, and stealth filters

Without further explanation of the above features, I'd write that off as pure marketing blurb.

psikofunkster

  • Guest
Re: Is Avast firewall good enough?
« Reply #28 on: May 05, 2010, 01:41:49 AM »
Quote
Before the question arises: don't listen to people that will tell you to keep Windows firewall on, especially in Seven, just turn it off.

OK, deactivated.

Yes, I remember reading that statement that you can have both firewalls running (Windows 7 and Avast) so I've been running two firewalls all this time.... :-\

Thanks sded too for your comment too, I'm reading it now.

Quote
2) Be aware that "block" is always the right answer, since everything there is malware - sort of like the monkey knowing which button gives him food

I think that resumes all..... ;D
Thanks everybody.
« Last Edit: May 05, 2010, 01:46:30 AM by psikofunkster »

Hermite15

  • Guest
Re: Is Avast firewall good enough?
« Reply #29 on: May 05, 2010, 02:45:50 AM »
Quote
what's the % of AIS users who use IPSec?

IPsec can secure VPNs, so that's very few users indeed. Otherwise, I'm not a hundred percent sure, just guessing that IPsec also secures encrypted LAN connections on Seven, but I can't find any confirmation of that. I also don't see any IPsec policy applied by default, so again, just guessing and this could not be the case at all, unless clearly confirmed. All I can say is that the IPsec service is set to run manually by default, and it's started. So something started it...
If (again, if...) IPsec is behind LAN connection encryption (at least on Seven), that would make quite a few users using it...

Quote
Without further explanation of the above features, I'd write that off as pure marketing blurb.

I'd try to be a bit more documented before stating something like that...

edit: just asked the question about IPsec on technet, I'll post back the answer(s) here if any...
« Last Edit: May 05, 2010, 03:00:17 AM by Logos »
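
A read-only way to check, on a given machine, the two things debated in this thread: whether the Windows Firewall profiles are switched on, and whether the IPsec-related services are running. This is an added example, not something posted by anyone in the thread; it assumes Windows 7 or later with PowerShell 2.0 or newer, the function names are illustrative, and the service names (MpsSvc, BFE, PolicyAgent, IKEEXT) are the standard Windows ones rather than anything quoted on this page.

```powershell
# Added example (not from the thread). Read-only: nothing here changes firewall settings.
# Function names are illustrative; the COM object and service names are standard Windows ones.

function Get-FirewallProfileState {
    # NET_FW_PROFILE_TYPE2 bit values used by the HNetCfg.FwPolicy2 COM interface.
    $profileNames = @{ 1 = 'Domain'; 2 = 'Private'; 4 = 'Public' }
    $policy = New-Object -ComObject HNetCfg.FwPolicy2
    foreach ($id in ($profileNames.Keys | Sort-Object)) {
        New-Object PSObject -Property @{
            Profile         = $profileNames[$id]
            # True when Windows Firewall is switched on for this profile.
            FirewallEnabled = $policy.FirewallEnabled($id)
            # CurrentProfileTypes is a bitmask of the profiles in use right now.
            InUseNow        = [bool]($policy.CurrentProfileTypes -band $id)
        }
    }
}

function Get-IpsecServiceState {
    # MpsSvc = Windows Firewall, BFE = Base Filtering Engine,
    # PolicyAgent = IPsec Policy Agent, IKEEXT = IKE and AuthIP IPsec Keying Modules.
    $names = 'MpsSvc', 'BFE', 'PolicyAgent', 'IKEEXT'
    Get-WmiObject -Class Win32_Service |
        Where-Object { $names -contains $_.Name } |
        Select-Object Name, DisplayName, StartMode, State
}

Get-FirewallProfileState | Format-Table Profile, FirewallEnabled, InUseNow -AutoSize
Get-IpsecServiceState    | Format-Table -AutoSize

# Lists connection security (IPsec) rules defined in Windows Firewall with Advanced Security.
netsh advfirewall consec show rule name=all
```

Comparing the output before and after turning Windows Firewall off in the control panel shows directly which profiles changed and whether the IPsec services kept running.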