Poll

Do you want automatic sandboxing (virtualization) to increase avast protection?

Yes. Make it available (on by default, i.e., for all users).
Yes. Make it available (off by default, i.e., for advanced users only).
No, I think the "default allow" policy (signatures, rules, etc.) is enough.
I don't understand the difference (please, post your doubts).
Other (please, post your opinion and why).

Author Topic: The future of avast protection  (Read 186366 times)

0 Members and 1 Guest are viewing this topic.

Offline Chris Thomas

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1936
  • Christian Geek - aka 'born again' Geek

The cloud (community) technology could be used for populate these whitelists.

Avast have a big user database why not use this to their favor?

This is what I wanted to type in here

I would vote a big YES in capslock if this was verified by lists in the cloud

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
I believe that if they automatically sandbox programs, it will likely cause problems with certain software, and beginner users won't know how to fix the problems.
Sure, it's not a toy. But it's not complicated also if you have a good whitelist. After all, the user will have 50% of blocking the software not detected by the antivirus definitions.

However, for people that know what they're doing it would be a great addition to the program, provided that it gives full control to the user so that they can whitelist / blacklist whatever they want.
Well, I'm not advocating the full control to the user. I think security is an expert issue. The ability of building a good whitelist is a challenge for the security experts :)
The best things in life are free.

Offline Marc57

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1944
  • KISS Rules The World!!!
    • KISS Army
I vote for Yes. Make it available (on by default, i.e., for all users). as this would be the safest setting for normal users.  As I understand it, any Malware executed in the sandbox would be trapped there and a simple reboot or shut down of the sandbox would remove it.

There would need to be a way such as a "White list' in Avast so it would know if a program is legitimate. Lets say you download CCleaner, Avast would scan the download, check it against its white list and then allow it to install to disk.
You Wanted the Best You Got the Best the Hottest Band in the World KISS!!!

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
After reading all the posts above, I voted for "Yes. Make it available (off by default, i.e., for advanced users only)."

In the hands of a person who does not know/understand the implications of sandbox usage, it could present problems with "on by default."
Thanks for coming Charley.
The best things in life are free.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
may be, that this topic gives some motivation to developers.:)
I hope so! Thanks for participating.
Indeed I hope we can be listen by the team.
Maybe we're not seeing the problems or the technical difficulties to implement. But, for sure, we need to be side by side to find the better solution and balance. Don't you think?
The best things in life are free.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
I vote for Yes. Make it available (on by default, i.e., for all users). as this would be the safest setting for normal users.  As I understand it, any Malware executed in the sandbox would be trapped there and a simple reboot or shut down of the sandbox would remove it.
That's the idea.

There would need to be a way such as a "White list' in Avast so it would know if a program is legitimate. Lets say you download CCleaner, Avast would scan the download, check it against its white list and then allow it to install to disk.
Well... maybe it will be difficult to implement this way.
Maybe we're underestimating the technical issues... So, let's wait for an "insider" point of view.
pk? ???
The best things in life are free.

Mr.Agent

  • Guest
Im not a Pro or IS user but i can say that an automatic sandbox i wouldnt like that if i was one. Because i mostly plays alots games and i think im not alone and to sandbox my games would be a overkill...

On my opinion if any 1 need the sandbox he will just left click or go in the program which its can be very easy and suit to everyone.

Mr.Agent

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
On my opinion if any 1 need the sandbox he will just left click or go in the program which its can be very easy and suit to everyone.
For operation yes, you can live with on demand sandboxing, for protection of zero-day attacks, I don't think so.
Thanks for participating.
The best things in life are free.

Mr.Agent

  • Guest
No prob Tech.

I just said my opinion thank for your respect and your reply.

Mr.Agent

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
I just said my opinion thank for your respect and your reply.
Sure. And it's a valid opinion. Not all the users are looking for "technical" stuff and increase protection. Most of them are happy and clean with avast as it is :)
The best things in life are free.

GloobyGoob

  • Guest
About the Secure Desktop, from Petr :

Quote
it will allow you to execute e.g. web browsers in more secure mode than in 5.0, it’d be executed in the seperated desktop  - with no icons, under our alternative shell (i.e. own explorer.exe), own taskbar, etc. This alternative desktop will be protected from keyloggers, screen captures and keeps your browsing activity isolated from other processes running on the normal desktop. This feature might be integrated into most common web-browsers as a plugin: e.g. if you go to www.abnamro.nl or www.dnb.nl sites (online banking), avast will open this page in the secured desktop automatically and protects your surfing from other applications.

Thanks Rednose, for the informative quote. ;D

Offline Vladimyr

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1639
  • Super(massive black hole) Poster
Hi Tech. I'm back!

Re "b) the cloud (community) technology could be used for populate these whitelists."
I don't think it's a good idea to rely on a collective opinion so-called "cloud" to determine whether or not a file is sandboxed, especially in regard to identifying true "zero-day" malware.

"Whatever not in the whitelist of trusted sources (an executable file, an installer, a script, etc.) could generate a question to the user in order to allow or deny."
Say I'm the first in the world (lucky me!) to see a particular brand-new previously unseen malware flagged by avast! I'm given the option. I choose not to run it in the sandbox. It is added to the "cloud" whitelist. For the next avast! user who comes across the same file, (1) my input is of no benefit because avast! devs wisely consider a representative sample of one to be inconclusive, or (2) "benefits" from my input by having his/her PC infected, just like mine.

more thoughts soon...
There is a way that seems right to a man,
       but in the end it leads to death
.” - Proverbs 16:25

Offline Yanto.Chiang

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1371
  • Soli Deo Gloria
    • PT Garuda Sinatriya Globalindo
Hi Tech,

Basically i agreed with your ideas, but again we should consider for beginner or common users which is not really advanced in term of technical problem.
It would become obstacle for avast team in term of providing support to avast user, and i keep choose awareness of users to run and operate this feature with avast if the user understand and realize how to operation this features.

I don't agree with automatic sandboxing, because if some application blocked by automatic sandboxing it would be looking very strict antivirus system and for users who do not understand about this features they won't like to use avast in the future and blame avast as highly false positives antivirus like other brands.

cheers,


Yanto Chiang | IT Security Consultants | AVAST Premium Security | GarudaSinatriya

Offline Vladimyr

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1639
  • Super(massive black hole) Poster
E.g. the term "legacy antivirus" is pejorative, used in order to disparage, to belittle or put-down, the products of every competitor.
Do you have a solution? I mean, how to name them?
Yes, recognized antivirus might do the trick. A legacy is what you have after someone has died.

Talk of how "end users need to be educated about these (i.e. AV-C) tests", is an extraordinary marketing strategy for a business enterprise.
Really, I've posted there my opinion. I think they need to improve the antivirus to improve usability of the suite.
Yes they do. And their situation colours even the most well-intentioned vision, leading to development and implementation of techniques that may well enhance the usability of their own product, but will not necessarily be of similar benefit (and may indeed be detrimental) for users of another security product, especially one with 'spadeloads' of usability, like avast!

That said, if avast! were to have any sort of automatic sandboxing of unsigned/un-whitelisted files, the idea of having different options or settings for "noobs", advanced users, etc, could be addressed something like this.

Logging in as a user with Admin or Power User privileges, avast! would prompt to say,
"Unsigned/un-whitelisted files will be virtualized by default. Tick the box to switch this feature off."

Logging in as Standard User, no prompt, no default virtualization. Limited user privileges should (at least on Windows 6 & 7) be sufficient to protect the system.

Any comments?

There is a way that seems right to a man,
       but in the end it leads to death
.” - Proverbs 16:25

AdrianH

  • Guest
Quote
: Do you want automatic sandboxing (virtualization) to increase avast protection?

NO!.