Author Topic: I need help understanding AIS Firewall working mechnaism  (Read 13595 times)

0 Members and 1 Guest are viewing this topic.

ilker

  • Guest
I need help understanding AIS Firewall working mechnaism
« on: September 23, 2010, 08:31:57 AM »
Hello everybody,

 Thanks to GakunGak ( http://www.youtube.com/watch?v=GxG1RwUeo38 ) for the special test ( you can download this test from: http://loombo.com/sy3ae3lc6fsz) that i requested, and he did it. He reviews softwares on Youtube. I wanted to see what will happen if we pause all shields except Behavior shield and firewall. As you will see in the test, there is no prompt from AIS Firewall and Behavior Shield during the test. Machnine was infected and i strongly believe that the infections was opening connection to outside. The firewall acted like Windows Firewall. I am not sure if the firewall protected or not. Please can you help me why AIS didn't show any firewall alert? (By the way i would like to have a behavior shield like ThreatFire and SONAR of Norton)

 Thank you

 ilker
« Last Edit: September 23, 2010, 08:40:14 AM by ilker »

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89053
  • No support PMs thanks
Re: I need help understanding AIS Firewall working mechnaism
« Reply #1 on: September 23, 2010, 12:45:08 PM »
I fail to see the validity of such tests where you cripple the security to run a test to prove a point in what is not a standard installation. The suite is integrated to provide overall protection, the firewall isn't designed to be a stand alone application.

If this tester user was also using a 64bit OS for this sudo-test, then currently the behaviour shield whilst running has no 64bit rules/filters, so if you are testing behavioural blocking it is as much use as a chocolate ashtray. Avast 5.1 is as far as I'm aware going to include 64bit rules and more for the 32bit OSes.

I don't use the suite, so I can't say how the outbound checking occurs in the firewall component of the suite.
« Last Edit: September 23, 2010, 12:49:03 PM by DavidR »
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.3.6108 (build 24.3.8975.762) UI 1.0.801/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

ilker

  • Guest
Re: I need help understanding AIS Firewall working mechnaism
« Reply #2 on: September 23, 2010, 03:24:33 PM »
I know, in normal installation i install everything and there is no reason to do the opposite. This was special test to see if avast will give firewall alert and how the alert looks like. If all the shields were enabled, avast would not let the pc infected. I didn't mean that it could not protected the pc because i already wanted this. I ask: Why avast didn't show any alert and gave automatic access to them. If you know the answer please write here instead of criticizing the test of validity.  

MasterTB

  • Guest
Re: I need help understanding AIS Firewall working mechnaism
« Reply #3 on: September 23, 2010, 03:42:32 PM »
If you want to see notifications of programs connecting to the web set the firewall to "Ask" and you¿ll see a ton of pop ups.
Of course you have to agree or deny to them.

Martin.-

ImWarm

  • Guest
Re: I need help understanding AIS Firewall working mechnaism
« Reply #4 on: September 23, 2010, 09:04:02 PM »
The firewall in AIS is mainly to prevent identity theft I believe. It's main purpose is to block hacker attacks and prevent sensitive data from leaving your computer. It also blocks exploits. So I don't think it deals with malware. Network based attacks are blocked by the network shield. Normal malware is covered by the other shields (like file system shield and web shield). I'm not too sure about the behavior shield, it's in development.

ilker

  • Guest
Re: I need help understanding AIS Firewall working mechnaism
« Reply #5 on: September 24, 2010, 08:20:21 AM »
If you want to see notifications of programs connecting to the web set the firewall to "Ask" and you¿ll see a ton of pop ups.
Of course you have to agree or deny to them.

Martin.-
Thank you for answer
The firewall in AIS is mainly to prevent identity theft I believe. It's main purpose is to block hacker attacks and prevent sensitive data from leaving your computer. It also blocks exploits. So I don't think it deals with malware. Network based attacks are blocked by the network shield. Normal malware is covered by the other shields (like file system shield and web shield). I'm not too sure about the behavior shield, it's in development.

 I agree with you. I guess it is designed to stealth ports and block attacks coming from net. I would like to see reply from avast team if it is support forum. 

Offline lukor

  • Administrator
  • Super Poster
  • ***
  • Posts: 1884
    • AVAST Software
Re: I need help understanding AIS Firewall working mechnaism
« Reply #6 on: September 24, 2010, 10:25:08 AM »
Hi Ilker,

Avast Firewall is not a standalone product. It works in the team with antivirus and other shields. Yet, you are right, other shields can be turned off. Lets analyze the test then.

This is how I see it: you (the tester) deliberately downloaded some program from the Internet. Antivirus shields are off, so we must assume this is not a virus, also we can see that the user has downloaded the application by clicking on the link, it was not a browser hijack, exploit, drive-by-downlaod, etc., and then the user executed the downloaded program. Since it is not a virus and the firewall is configured not to ask, I assume it is pretty correct to let the program start and configure the rules for it. Next time, if the user is not satisfied, he can can modify the rules and limit the network access for this specific new software he has just downloaded, if wants.

If the user wants to be in control for every newly started program, there is an option to switch the firewall to the "ASK" mode, which might make sense after some time, when most of the frequently used programs are already configured and the potential hassle of being asked to much is smaller.

Lukas.
« Last Edit: September 24, 2010, 10:26:47 AM by lukor »

Hermite15

  • Guest
Re: I need help understanding AIS Firewall working mechnaism
« Reply #7 on: September 24, 2010, 11:50:18 AM »
yeah, a firewall is not an anti-malware tool: there's a difference between something installed silently and attempting to connect and something you deliberately downloaded while the firewall was set on auto-decide, and will obviously allow an outbound connection later on for the application. Comodo does the same.
« Last Edit: September 24, 2010, 11:57:12 AM by Logos »

ilker

  • Guest
Re: I need help understanding AIS Firewall working mechnaism
« Reply #8 on: September 24, 2010, 01:27:35 PM »
Hi Ilker,

Avast Firewall is not a standalone product. It works in the team with antivirus and other shields. Yet, you are right, other shields can be turned off. Lets analyze the test then.

This is how I see it: you (the tester) deliberately downloaded some program from the Internet. Antivirus shields are off, so we must assume this is not a virus, also we can see that the user has downloaded the application by clicking on the link, it was not a browser hijack, exploit, drive-by-downlaod, etc., and then the user executed the downloaded program. Since it is not a virus and the firewall is configured not to ask, I assume it is pretty correct to let the program start and configure the rules for it. Next time, if the user is not satisfied, he can can modify the rules and limit the network access for this specific new software he has just downloaded, if wants.

If the user wants to be in control for every newly started program, there is an option to switch the firewall to the "ASK" mode, which might make sense after some time, when most of the frequently used programs are already configured and the potential hassle of being asked to much is smaller.

Lukas.

 Thank you very much for your explanation.

 Best Regards,

 ilker

GakunGak

  • Guest
Re: I need help understanding AIS Firewall working mechnaism
« Reply #9 on: September 24, 2010, 01:56:26 PM »
Hello, forum.
It was me who did a test. I got a request to do a test with specific instructions.
And so I did. OS was Windows XP SP3 32bit W 512MB ram. I am NOT a professional tester but I do tests, just recently started recording them.... What I do is take default settings after install, try not to change anything, but because of request, I did disable components of Avast.
You have seen the video, and since avast was on automatic mode, how did avast handle requests to the internet? Did it automatically allow or reject from unknown program?
I did not put this video on youtube because the test is not fair to others and it's components got disabled. I will test avast very soon with default settings and all components enabled by default, and after rounds of default installations pass for all products, new round will begin with maximum settings possible.

My respect to all of you,
GakunGak  :)

GloobyGoob

  • Guest
Re: I need help understanding AIS Firewall working mechnaism
« Reply #10 on: September 28, 2010, 01:29:49 AM »
Antivirus shields are off, so we must assume this is not a virus, also we can see that the user has downloaded the application by clicking on the link, it was not a browser hijack, exploit, drive-by-downlaod, etc., and then the user executed the downloaded program. Since it is not a virus and the firewall is configured not to ask, I assume it is pretty correct to let the program start and configure the rules for it.

Hi, Tech brought up an interesting point in his other thread:
 
Seems that only 'infected' files are blocked (by the antivirus) and not by the firewall. Seems that outbound protection is decided by the antivirus and not by the firewall (or user).

Lukas, does this mean that the avast Firewall depends on the antivirus for outbound protection?

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: I need help understanding AIS Firewall working mechnaism
« Reply #11 on: September 28, 2010, 02:54:12 AM »
Lukas, does this mean that the avast Firewall depends on the antivirus for outbound protection?
Good point.
The best things in life are free.

Offline lukor

  • Administrator
  • Super Poster
  • ***
  • Posts: 1884
    • AVAST Software
Re: I need help understanding AIS Firewall working mechnaism
« Reply #12 on: October 01, 2010, 02:51:53 PM »
Lukas, does this mean that the avast Firewall depends on the antivirus for outbound protection?
Good point.

Hi, indeed, when checking if some specific executable is malware or not before allowing its traffic or blocking it, the firewall depends on the antivirus. Duplicating such features in the firewall itself wouldn't make any sense. However the firewall has also its own whitelist and blacklist that helps the "auto-decide" routine to create the rules.

ilker

  • Guest
Re: I need help understanding AIS Firewall working mechnaism
« Reply #13 on: October 01, 2010, 03:15:12 PM »
As i understand let's say there is one file wants to connect to internet so avast firewall will check  white/black list and consults to avast antivirus and behavioral shield. If everything is okay, it will create a rule and allow access. But if we discover that file is malicious we can block the access manually.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: I need help understanding AIS Firewall working mechnaism
« Reply #14 on: October 01, 2010, 03:17:59 PM »
Duplicating such features in the firewall itself wouldn't make any sense.
You're supposing people are using the avast antivirus always, or, in other words, the firewall is not standalone.
The best things in life are free.