The future of avast protection

[Hermite15]

Automatic sandboxing is 'good enough' security with a minimum of alerts, suitable for the majority of users.
It's not thought to provide the highest even possible level of security (full sandboxing).

Unknown software could have access rights limited, i.e., this software couldn't:

• Drop (download) files in protected folders.
• Get admin privileges (elevation).
• Get Internet without asking permission.
• Inject code into non-sandboxed applications in memory.
• Other UAC restrictions.
• Protect the system (avoid exploiting of Windows, COM interfaces, etc.).
• Work like a keylogger or screen capture.
• Write to existing clean files or protected areas of Windows Registry.

You just copy and pasted from the Comodo moderator's post on their forum

nice ...this doesn't even need to be verified when one knows Comodo forum well (like I do   )

[GloobyGoob]

Automatic sandboxing is 'good enough' security with a minimum of alerts, suitable for the majority of users.
It's not thought to provide the highest even possible level of security (full sandboxing).

Unknown software could have access rights limited, i.e., this software couldn't:

• Drop (download) files in protected folders.
• Get admin privileges (elevation).
• Get Internet without asking permission.
• Inject code into non-sandboxed applications in memory.
• Other UAC restrictions.
• Protect the system (avoid exploiting of Windows, COM interfaces, etc.).
• Work like a keylogger or screen capture.
• Write to existing clean files or protected areas of Windows Registry.

You just copy and pasted from the Comodo moderator's post on their forum

True. Just worded a bit differently. link

[Lisandro]

When I downloaded and installed Avast, I came looking for a minimalist, light, non-intrusive, effective piece of anti-virus software and nothing more, nothing less. I did not come looking for anti-virus+sandboxing, the latter (sandboxing) of which has really nothing to do with virus protection at its core.

Do you really think so? It does not have anything related to detection but everything related to protection.

I'll be blunt, but if I require sandboxing I will go and find a piece of software that focuses on that area just as Avast focuses on virus protection.

Any suggestion of an automatic sandbox program besides CIS? (not on demand sandboxing...).

Thus, I vote for: No, I think the "default allow" policy (signatures, rules, etc.) is enough.
Keep Avast unbloated and true-to-the-point like it currently is, please. :x

Bloated? Why?

[Lisandro]

You just copy and pasted from the Comodo moderator's post on their forum

And so? What's wrong with the text itself?

[GloobyGoob]

Well... shouldn't you quote it?

[Lisandro]

Well... shouldn't you quote it?

Maybe... I've read, agree with the ideas, rewrite and post...
We're supposing to be discussing the technology itself, not the vocabulary. I don't want the copywrite of them for sure.

[Dalewyn]

Do you really think so? It does not have anything related to detection but everything related to protection.

Sandboxing, more accurately virtualization, is the act of creating an environment (the "guest") inside and separated from the "host" environment for a variety of purposes. These include running/emulating legacy OS and/or software on a modern OS and computer hardware, emulation of legacy or non-PC hardware and software, restriction of software rights, protection against network-based malware when sandboxing internet-borne programs, insurance in case of a runaway program, separation of processes to increase stability, and so forth. The cost of creating a guest environment can be expensive in the way of CPU processing, RAM usage, and in some cases hard disk space.

Sandboxing/virtualizing thus protects against far more than just viruses at a heightened cost when used to protect a computer. Whether a user wants that in an anti-virus program is the question here. I personally only want a traditional anti-virus program and nothing more.

Any suggestion of an automatic sandbox program besides CIS? (not on demand sandboxing...).

I've never had a requirement to utilize sandboxing/virtualization for means of protection, so I must admit I'm not knowledgable as to what choices are available.

Bloated? Why?

I like to think of sandboxing as a different form of protection from anti-virus protection. I feel that Avast (which at its core is an anti-virus program) has no business in increasing system stabilty at increased hardware cost, restricting the rights of software that aren't viruses, or protecting against things other than viruses*.

*AIS is a slightly different story given its security suite nature. A full-blown sandboxing feature wouldn't be so outlandish here akin to the firewall and antispam.

[Lisandro]

Sandboxing, more accurately virtualization, is the act of creating an environment (the "guest") inside and separated from the "host" environment for a variety of purposes. These include running/emulating legacy OS and/or software on a modern OS and computer hardware, emulation of legacy or non-PC hardware and software, restriction of software rights, protection against network-based malware when sandboxing internet-borne programs, insurance in case of a runaway program, separation of processes to increase stability, and so forth. The cost of creating a guest environment can be expensive in the way of CPU processing, RAM usage, and in some cases hard disk space.

Sandboxing/virtualizing thus protects against far more than just viruses at a heightened cost when used to protect a computer. Whether a user wants that in an anti-virus program is the question here. I personally only want a traditional anti-virus program and nothing more.

Well, you've risen up the horizon of my suggestion... I mean, I'm thinking in a very narrow concept of sandboxing and you're speaking of the global technology and what sandboxing could achieve at all. The environments are different. Maybe the vocabulary should be a new one. Won't it good if we can speak with "avast vocabulary" here?

I've never had a requirement to utilize sandboxing/virtualization for means of protection, so I must admit I'm not knowledgable as to what choices are available.

There are some similar alternatives. As far I know...
Behaviour blocker: ThreatFire.
Strong HIPS: Comodo Defense+, Spyware Terminator and System Safety Monitor.
Firewalls with HIPS: Online Armour.
Light HIPS: Winpatrol (and the old Arovax).
On demand sandboxing: Sandboxie.
Full virtualization: VMWare, Virtualbox.
System freezing: Wondershare Time Freeze, Deep Freeze, Returnil, Shadow Defender.
 
None of them are what I was bringing up with this thread: automatic sandboxing.
Indeed, besides Comodo Internet Security 5, we don't have any other option for automatic sandboxing. Oh, free ones

I like to think of sandboxing as a different form of protection from anti-virus protection.

Sure... but they can run side by side, it's becoming a necessity is we think in 2 million malware per year, and, better, avast already has the technology: a firewall and an on demand sandbox.

In fact, I'm only asking of making an on-access partial sandbox (other calls it 'limit access tool' or whatever you want to find in Comodo forums).

[Hermite15]

Well... shouldn't you quote it?

+1 of course he should >>> but hey, you feel like you sound more knowledgeable when you don't...quote ...and let's just leave aside moral considerations, we're talking high tech stuff

[Lisandro]

+1 of course he should

I've edited my post before yours

[Hard_ROCKER]

Automatic sandboxing of every process or in other words run every single thing possible inside a SB ? No thanks, i'm a gamer, my machine needs to be fast and responsive. And don't tell me that what you are suggesting wouldn't slow down everything cause it would. Avast with it's light resources usage and minimal user input required is exactly what the doctor ordered for me. Do i think it's necessary to sandbox every process ? Nope, i only feel the apps that are a bigger security risk like web broswers will benefit from running inside the SB(in terms of security). Why the hell would i want my media player, my cd/dvd burner, my games, my text editor etc. etc. to be run inside a sandbox(and they would be run inside a sandbox if automatic sandboxing was enabled right ?) ? Sorry but i disagree with this idea completely. Sandbox is a fine security tool(and i use avast! SB myself) but i certainly don't want to run every single app inside a SB cause it doesn't make sense.

A better behavior blocker(like ThreatFire) is what i feel is most needed for avast! to improve. And i believe they are allready working on that, so we will see better detection rates with avast! 5.1 i am sure. The FW needs some work aswell but those are all things that they are working on allready so i think we are good.

@Tech: In case you haven't figured out Comodo has a different philosophy on ways of achieving security than avast!. Their idea is to block everything by default and let the user decide whether to allow or not to allow. That way they can always claim that their product has perfect protection(well of course it does if it blocks everything, don't you think) and it's the users fault that they got infected. Get it ? I prefer avast!'s philosophy to that of Comodo. And by reading your posts lately i feel you are more into Comodo's philosophy which is why i will suggest to you to get rid of avast! and start using CIS exclusively.

[Lisandro]

Do i think it's necessary to sandbox every process ?

Of course not. You're extrapolating my words. I'm talking about "unknown" processes.
Take it easy, all, all, all your games are known clean processes, aren't they?

Why the hell would i want my media player, my cd/dvd burner, my games, my text editor etc. etc. to be run inside a sandbox

They don't need to run in a sandbox...

(and they would be run inside a sandbox if automatic sandboxing was enabled right ?)

Wrong.

i certainly don't want to run every single app inside a SB cause it doesn't make sense.

Nobody wants that.

A better behavior blocker(like ThreatFire) is what i feel is most needed for avast! to improve. And i believe they are allready working on that, so we will see better detection rates with avast! 5.1 i am sure.

A behavior blocker is based on rules, again, we're talking about unknown files, zero-day problems...

@Tech: In case you haven't figured out Comodo has a different philosophy on ways of achieving security than avast!. Their idea is to block everything by default

Sorry, not block everything, but block the infected (malware) and the unknown. Not everything.

And by reading your posts lately i feel you are more into Comodo's philosophy which is why i will suggest to you to get rid of avast! and start using CIS exclusively.

You're putting CIS technology against avast's one. Indeed, CIS does what avast does and give a step forward. They're not incompatible technologies.
About the temptation, yes, it does really occur. Specially because of the avast turn around in last years... More here (for Evangelists only): http://forum.avast.com/index.php?topic=62785.0

[SpeedyPC]

I voted 'Yes. Make it available (on by default, i.e., for all users)'

However I prefer not to discuss about this it a bit to advance for me to have my say about automatic sandboxing and cloud to increase avast protection, it would nice to have some kind of level protection like Comodo and I know Avast would agree and disagree about using a similar idea security platform like Comodo.

I know most people don't want to complain about Avast having a similar Avast Internet Security like Comodo, because I know most people in here would not give Comodo Free Firewall v5.0 a second chance so most people can get an idea how we can help Avast on automatic sandboxing and cloud to increase avast protection because their been to many agree and disagree on Comodo ideas.

I have nothing against Avast as I'm still using their free version along with Comodo Free Firewall I haven't update to v5.0 yet prefer to wait a bit longer, Comodo v5.0 is still to early and it does have sandboxing and cloud with D+ (HIPS).

[Lisandro]

Thanks for participating Speed

[SpeedyPC]

Thanks for participating Speed

Your welcome Tech