Poll

Do you want automatic sandboxing (virtualization) to increase avast protection?

Yes. Make it available (on by default, i.e., for all users).
Yes. Make it available (off by default, i.e., for advanced users only).
No, I think the "default allow" policy (signatures, rules, etc.) is enough.
I don't understand the difference (please, post your doubts).
Other (please, post your opinion and why).

Author Topic: The future of avast protection

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67236
> Sorry Tech, I did not intend to make my comments specifically for your opinions

Don't worry. My opinions, of course, are just my opinions.
Nobody is intended to take things personally.

> just to suggest that there is a lot of self-serving propaganda out there that needs to be carefully evaluated as to accuracy and motivation. As in threads like "Is the AntiVirus biggest fraud in the security world?".

We always need to separate what is fanboyism, what is exaggeration, what are personal opinions.
Filter things, remove the bad, but keep the good.
I'm interested in technology, in increasing avast protection. For me and for all users. Those are my intentions.
The best things in life are free.

Offline RejZoR

  • Polymorphic Sheep
  • Serious Graphoman
  • *****
  • Posts: 9404
  • We are supersheep, resistance is futile!
    • RejZoR's Flock of Sheep
Well, I somewhat like what Comodo is doing with the sandbox but I'm also aware of the problems. For avast! I'd just want a full-fledged Behavior Shield that would work like ThreatFire. That would be enough not to need sandbox the way you are asking for.
Visit my webpage Angry Sheep Blog

Offline NON

  • Japanese User
  • Avast Überevangelist
  • Ultra Poster
  • *****
  • Posts: 5128
  • Whatever will be, will be.
Automatic sandboxing feature can be a troublemaker in some countries: we have to use IME to input Japanese, but some sandboxing software (ex. Comodo ::)) isn't compatible with IME, so we can't input Japanese while sandboxing. :-\
Even the "Protected mode" in IE7 has some trouble with IME (user-based dictionary doesn't work in this mode due to privilege), automatic mode can lead to more trouble...

Although this feature is good for security, I think this option should be advanced users only.

If someone wants to run software which has not yet been whitelisted and it doesn't work due to sandboxing, he/she has to whitelist it on their own... it's painful for beginners.

avast! is not for skilled people, but for all users. :)
« Last Edit: September 27, 2010, 09:55:16 AM by NON »
Main: Win10 Pro 21H2 64bit / Core i5-7400 3.0GHz / 16GB RAM / Avast 22 Premium Beta(Icarus) / Comodo Firewall (testing again)
Mobile: Win10 Pro 21H1 64bit / Core i5-3340M 2.7GHz / 8GB RAM / Avast 21 Free / Windows Firewall Control

I explain Avast's settings here. Please take a look if you like.

Hermite15

  • Guest


> > ps: I mean "default deny" etc... this is all Comodo vocabulary, desktop bloated with popups and unneeded security software behavior
>
> If you can't understand, just admit. Don't worry :)

if I can't understand what Tech ??? and admit what??? what is it that you could teach me? You're purely and simply copying and pasting stuff found in hundreds of posts on Comodo forums and you mean that you did understand something that I didn't? What is it? I'm just curious. I mean look, I was a regular poster on Comodo forums for years (misc accounts...), long before you even knew their name, you only started to go there on a permanent way very recently...praising Avast there, and praising Comodo here. Avoiding advising those knowing much better than you do in a general way might be a good idea...whatever the topic is btw, chances are that I'll beat you ;)..been using their firewall and HIPS since the beginning, so excuse me if I pretend to know what I'm talking about, and I pretend that you don't...again, you're stupidly copying and pasting other posters' descriptions of the software, especially Melih's and posts :D
You're still in luck here because people post in your thread(s) when you praise Comodo on Avast forums...just because you're an old poster here...seems that you're hardly noticed when mentioning Avast on Comodo's forums...seems that you just join the herds there, and became just one of them...a bit light to come up here and play the guru, the Comodo guru isn't it? ;D

SafeSurf

  • Guest
I have a similar setup to sded and agree with most of his Post #5 (excluding the NIS part).

However, I have a technical question: What would happen if a person was to use a SB in one software that also had it in another software?  Would this then cause a conflict?  We talk about security software and conflicts that they may cause, and this came to mind.  Does anyone know the answer? 

I therefore would want to have the option to enable/disable the SB in a software during installation and in the GUI, whether it was Free or paid because of this since many more security software are moving in this direction of SB and other features not mentioned here (I do not want to hijack the thread).  Thank you.

Offline Vladimyr

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1639
  • Super(massive black hole) Poster
Hi Tech.
I had to vote "other". For my own PC, I'd be happy to have to choose whether executables that have passed every other test were then sandboxed by default, but for nearly every other user I know, they would have no idea what I'm talking about.

If I get time I'll expand on this later, but just a quick word of personal encouragement for you my friend.
It could be just a language issue but you seem to be adopting some of the personality-cult-speak of "he who cannot be named" (by which I don't mean Voldemort).
E.g. the term "legacy antivirus" is pejorative, used in order to disparage, to belittle or put-down, the products of every competitor.
Talk of how "end users need to be educated about these (i.e. AV-C) tests", is an extraordinary marketing strategy for a business enterprise.

Take care in there, and just be very careful if you're offered a brightly coloured drink.

« Last Edit: September 27, 2010, 11:17:56 AM by Vladimyr »
“There is a way that seems right to a man, but in the end it leads to death.” - Proverbs 16:25

Hermite15

  • Guest
on a side note, dismissing the anti-virus software concept has been a rule for years on Comodo forums, where Melih was claiming again and again not to use any to justify the use of their HIPS...I have nothing against HIPS, even if I personally, after years, don't feel the need to use one anymore. But I have something against people who're bashing a product because they're unable to produce an equivalent >>> insert CAV here :D

edit: old but interesting, read from there:
http://forum.avast.com/index.php?topic=41708.msg359785#msg359785

second edit: on another side note, the Comodo herds have been bashing Avast webshield for ages, calling it useless etc...(they say the same about the mailshield btw). This is a very poor appreciation of what in my opinion is one of the best security features ever, so I cannot take them very seriously. And finally, I've hardly heard Avast devs refer to Comodo software, while the contrary happens all the time...guess why, Avast doesn't need such methods to convince ;)
« Last Edit: September 27, 2010, 12:05:12 PM by Logos »

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76213
  • Urlaub/Vacation
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
I voted for 'other'. ;)
I first want to see the capabilities of 5.1, before I jump into this discussion...
asyn
W8.1 [x64] - Avast PremSec 22.7.7366.BC [UI.713] - Firefox ESR 91.11 [NS/uBO/PB] - Thunderbird 91.11
Avast-Tools: Secure Browser 103.0 - Cleanup 22.2 - SecureLine 5.18 - DriverUpdater 22.2 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline Lisandro

> Well, I somewhat like what Comodo is doing with the sandbox but I'm also aware of the problems. For avast! I'd just want a full-fledged Behavior Shield that would work like ThreatFire. That would be enough not to need sandbox the way you are asking for.

Thanks RejZor. Indeed a better/deeper behavior analysis tool is welcome.
Just that the technology - signatures, rules, etc. - seems to be difficult to follow the behavior of the malwares, exploiting and bypassing the legacy technology.

Offline Lisandro

> Automatic sandboxing feature can be a troublemaker in some countries: we have to use IME to input Japanese, but some sandboxing software (ex. Comodo ::)) isn't compatible with IME, so we can't input Japanese while sandboxing. :-\

Hmmm... As we can see, technology needs improvements.

> Although this feature is good for security, I think this option should be advanced users only.

I feel the same.

> If someone wants to run software which has not yet been whitelisted and it doesn't work due to sandboxing, he/she has to whitelist it on their own... it's painful for beginners.

For sure it needs to be tempered and the whitelist well studied.

> avast! is not for skilled people, but for all users. :)

Just let the user choose and make it not the default.

Offline Lisandro

> However, I have a technical question: What would happen if a person was to use a SB in one software that also had it in another software? Would this then cause a conflict? We talk about security software and conflicts that they may cause, and this came to mind. Does anyone know the answer?

Yeah, if you have set an application to run in a sandbox (e.g., sandboxie) and then avast automatically tries to run it in its own sandbox, probably we'll have a conflict. In this case, it should be in the avast exclusions or in the avast trusted applications.

> I therefore would want to have the option to enable/disable the SB in a software during installation and in the GUI

For sure. It must be there and in the context menu of the .exe files probably: run inside/outside of the sandbox.

> Since many more security software are moving in this direction of SB

Do you have examples of this?

Offline Lisandro

> If I get time I'll expand on this later, but just a quick word of personal encouragement for you my friend.

For sure, technology discussion and help the users are my personal encouragement and, believe, I need them.
Hope avast team understand their users also ;)

> It could be just a language issue but you seem to be adopting some of the personality-cult-speak

Well, I'm trying to discuss technology, not vocabulary.
If there is another vocabulary that we can use, let's go for it.
I'd like to see avast-vocabulary, but I won't see it if I do not start the dialog, will I?

> E.g. the term "legacy antivirus" is pejorative, used in order to disparage, to belittle or put-down, the products of every competitor.

Do you have a solution? I mean, how to name them?

> Talk of how "end users need to be educated about these (i.e. AV-C) tests", is an extraordinary marketing strategy for a business enterprise.

Really, I've posted there my opinion. I think they need to improve the antivirus to improve usability of the suite.

Offline Lisandro

> I voted for 'other'. ;)
> I first want to see the capabilities of 5.1, before I jump into this discussion...

Thanks for participating Asyn.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33667
  • malware fighter
Hi my good friend, Tech,

Sandboxing in general is a good policy as one of the layers of layered anti-malcode protection, but as with the "Sandboxie" proggie that I have installed and work under certain and particular ominous circumstances (running jsunpack, malzilla sessions, etc.) there is also particular malware that can circumvent the sandbox technique ( http://www.sandboxie.com/index.php?ConfigurationProtection ) and it is good to trust no program. You have to configure Sandboxie at installation to work with e.g. avast, etc. It is not for nothing that the GoogleChrome browser is so advanced in security because it has all the tabs/windows running under separate tasks (see in your taskmanager), making it all the more difficult to hack this browser.
But, alas, sandboxing is a technique after the fact, the session is fenced in and just on closing down the application it is not allowed to make any changes to the computer, the minimal chance of something getting out of the sandbox is still there (rename the sandbox executable into something else, run as admin or password protected can help), but I also like to be protected pro-actively at places where malware vectors may enter the computer and one of the main vectors is script in various forms and sorts and possible third party sites on a particular website that may have not the best of intentions or have been hacked, and particularly inside the browser, so for GoogleChrome sandbox it only for those particular cases where you expect mayhem and to be vulnerable, then have extensions like NotScripts as by default, block with FlashBlock, BetterPopUpBlocker, Noref, specific configurations for AdBlockPlus and after closing the browser run Click&Clean to remove all traces from the previous session. If you run GoogleChrome in sandboxie and then run Click&Clean mind that traces of the previous session before the sandboxed session may still be active there and Click&Clean as you haven't earlier cleansed may not have gotten any access there. So as with all security measures it mostly is a two-sided sword and one should really grasp the full understanding of the process as what happens to have a grip on complete security as it is being performed.
Now there are two types of users, the savvy users that say: "I know enough about protection myself to take all these measures into my own hands and create a form of layered protection that is not overbloated, does not halt my OS too much and will perform full security under all circumstances, does not have to cost a cent."
And then there are the n00b users that want to have full protection, do not know how to protect themselves, and wanna only use a computer for the sheer fun of it, well they'd either listen to advice of others that are in the know and organize their protection likewise or work it like others at the very "dumb digibete" end of the user spectrum that will order a sometimes costly anti-malware suite, configure it wrongly or incompletely and over time still work their computer into a machine functioning merely as a doorstopper because of all sorts of unwanted malware, adware, tracking ware, crap etc.
So it all depends on what situation you will have your discussion from. Like to hear what others here in the forum think about this?

Damian aka polonus

pol
« Last Edit: September 27, 2010, 03:11:06 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Omid Farhang

  • Frontend Developer
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1660
  • I wish I could write longer personal text!!
    • Homepage
Hi Tech!

Besides talking about Sandbox, you said the same thing that I've been screaming for years! "default allow" and "default deny".

We all use Antivirus to prevent the effects of malware on our systems. What are they? Harm data, slow down, popups, data theft, use of internet bandwidth etc.
These days security software is doing something instead of preventing them! Like bringing a lot of popups and questions (Thanks avast!, it doesn't do that much) and slowing down systems (avast doesn't do it too ;) ). So it's very important that security software becomes set-it-and-forget and also trustworthy. Like when it says This Is Malware, we say if my AV says it is malware, it is! and don't think maybe it's an FP?

I said that prior to my comment to say we must think of many things before adding a new feature to our products.

Best thing you noticed is "Whitelist" AND "Blacklist", not only "Blacklist".
avast lacks a Whitelist in some way. If it had a whitelist beside their blacklist, it would be much easier for them to collect 'unknown' files. I mean, when I scan a folder with a nice antimalware, in the scan result it says (for example) "We Scanned 100 files, 33 Known Clean, 33 Malware and 34 unknown files" and gives me options to send these 34 unknown files to their Analysis desk with my comment. I know such a thing will need many many resources. Also same for Firewall or any other components. A Firewall may have an option that uses predefined rules to default allow or deny per program depending on the whitelist or blacklist...

Sandboxing is a great idea, even not as a security solution, something which takes care of windows very well (if programmed in the right way!).

Think of a quality sandbox and how well it can take care of windows. E.g. if your player is installed in a sandbox, browser in its own sandbox, messenger in its own sandbox, how easy it will be to manage. Windows will live untouched and become more solid. When you give up your player and want to try another one, just flush your player sandbox and install the new one!
When I say a well programmed Sandbox I mean every sandbox being customizable, like their access to hard drive, internet etc. or run windows services normally or... (Sandboxie cannot run services most of the time). So with that quality of sandbox you can run your browser in an isolated place, isolated like a Virtual Machine, where every kind of site or plugin isn't able to read even 1 bit of your hard drive.
Sometimes Sandboxes cause more problems than benefits, like additional popups from them or failing to run programs or....

So, if avast can program a Sandbox with that quality, I say go for it; if not, don't add something which bothers us more!  ;D
By having more resources and spending more time, it is possible to do, so why not? The start of it is a nightmare because in the last 30-40 years many files have been created and you need to list them, but after a while you will have listed most of them and you will just need to work on newly created files from now on...

That's all that I think! Maybe it's all wrong
Twitter: https://twitter.com/OmidFarhangEn - OS: Arch Linux
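
The three-way split described in the post above (known clean, malware, unknown) combined with the poll's options for what to do with unknown files, as an added example that is not part of the thread and is not avast or Comodo code. The file names, hash lists, policy names and the rule that the blacklist outranks a user exclusion are all assumptions made for illustration.

```python
import hashlib
from collections import Counter

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Constructed sample "files" (name -> content); not real software or malware.
SAMPLES = {
    "player.exe": b"constructed: known-good media player",
    "dropper.exe": b"constructed: known-bad sample",
    "newtool.exe": b"constructed: never seen before",
    "ime_helper.exe": b"constructed: unknown to vendor, trusted by user",
}

# Hypothetical vendor lists, keyed by SHA-256 of the file content.
WHITELIST = {sha256(SAMPLES["player.exe"])}
BLACKLIST = {sha256(SAMPLES["dropper.exe"])}
# Hypothetical per-user exclusions ("trusted applications").
USER_TRUSTED = {sha256(SAMPLES["ime_helper.exe"])}

# What each policy does with a file that is on neither list.
UNKNOWN_ACTION = {
    "default-allow": "run",
    "auto-sandbox": "sandbox",
    "default-deny": "block",
}

def classify(data: bytes) -> str:
    """Return 'malware', 'clean' or 'unknown' for one file."""
    digest = sha256(data)
    if digest in BLACKLIST:
        return "malware"
    if digest in WHITELIST:
        return "clean"
    return "unknown"

def decide(data: bytes, policy: str, user_trusted=frozenset()) -> str:
    """Return 'run', 'sandbox' or 'block' for one file under a policy."""
    verdict = classify(data)
    if verdict == "malware":
        return "block"  # assumption: blacklist outranks user exclusions
    if verdict == "clean" or sha256(data) in user_trusted:
        return "run"
    return UNKNOWN_ACTION[policy]

def scan_summary(files: dict) -> dict:
    """Count files per verdict, like the '33 / 33 / 34' scan report."""
    return dict(Counter(classify(d) for d in files.values()))

def plan(files: dict, policy: str, user_trusted=frozenset()) -> dict:
    """Map each file name to the action taken under the given policy."""
    return {n: decide(d, policy, user_trusted) for n, d in files.items()}

if __name__ == "__main__":
    print(scan_summary(SAMPLES))
    for policy in UNKNOWN_ACTION:
        print(policy, plan(SAMPLES, policy, USER_TRUSTED))
```

Only the files counted as unknown change treatment between policies, and the user exclusion list is what lets an unlisted program such as the constructed `ime_helper.exe` run outside the sandbox.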