The future of avast protection

[Hard_ROCKER]

Of course not. You're extrapolating my words. I'm talking about "unknown" processes.
Take it easy, all, all, all your games are known clean processes, aren't they?

First of all don't tell me to take it easy, i am alergic to that. And that was not my point, my point was if it runs them in SB they won't work properly. Let me ask you something, does Comodo know of every single game you run and have it on that whitelist ? Nope it's impossible to make a perfect whitelist. Impossible with the amount of software out there. The blacklist approach is better for me as it doesn't require an input from me which is why i am running avast!. Are you getting my point ?

A behavior blocker is based on rules, again, we're talking about unknown files, zero-day problems...

What exactly are you trying to say here and how does it relate to what you quoted from me ? What i meant was that a good behavior blocker is what i want to see in avast!. And no it doesn't relate to SB, i was just stating what IMO is needed for avast! to get better detection rates.

Sorry, not block everything, but block the infected (malware) and the unknown. Not everything.

I do NOT want it to block the unknown, that is my point Tech. Because under the "unknown" category could be perfectly legit programs that the whitelist just doesn't know about.

And again i am against the philosophy of BLOCK EVERYTHING UNKNOWN. The traditional approach of AV's(you could say blacklist approach) coupled with some good heuristics is what i want.

What you want Tech is a good HIPS program that blocks everything and i want a good av that blocks ONLY the baddies. I've over simplified of course but you get my point. And yes i am speaking in general not about the SB in particular. Do we understand each other now ?


EDIT: This is a partial quote from your first post here...

I'm asking for a double behavior or, in other words, a "default deny" policy, i.e., what is not whilelisted, block; what is not in the trusted list of avast should be denied.

[Hermite15]

okay the automatic sandboxing in CIS isn't that bad... it doesn't of course sandbox everything, but just a few minor apps that don't have recognized digital signatures, and further unknown processes...doesn't mean that I agree with Tech, he's just telling you what anyone who gave a shot to CIS auto-sandbox could observe. This said I don't want either to see Avast mimic Comodo. Each software company has its identity and should stick to it, and tech's attempts won't change anything to that

 Now to go back to topic I will repeat that the auto-sandboxing is in theory a nice feature, but can be pretty annoying when running it for the first time on a system, unless it's set to ask by default (which I think is the case now in CIS). That's a geek's feature, a new toy to play with, and certainly not something that a majority wants to have and be bothered with. People want to run their computer in the first place and not tens of anoying popups, especially when prompted to allow well known utilities to run "un-sandboxed" at startup, that's a waste of time. Last and more important thing is that third party sandboxing utilities are still far from running perfectly, and if automated, can break a complete Windows session, even force you to go back to safe mode to get rid of the annoying culprit. I've been through that

 Guys you know what, I suggest we wait for Avast 5.1...the beta should be there soon. Then we'll see what's in it. But it is utterly ridiculous to post stuff suggesting to Avast (more or less implicitly) to mimic Comodo...I mean Tech seriously

[Hard_ROCKER]

Listen i don't have a problem if someone wants to use that feature(i personally don't like it but that is just my personal opinion) but i don't want it forced upon me. Simple as that. avast! should stay avast! and Comodo can do whatever they want, i don't care about them. To make Tech happy, yes i have no problem if they put the feature in avast! but i would want it disabled by default for sure. 

[Lisandro]

First of all don't tell me to take it easy, i am alergic to that.

Sorry, we don't know each other personally or that much, enough to know these details.

Let me ask you something, does Comodo know of every single game you run and have it on that whitelist ?

1. We're not discussing Comodo. I'm discussing an avast possible feature that I like and seems useful.
2. No. Comodo can't know any single game out there... This is the handicap, this is the problem... Can the programmers drop some light on how to solve this?

The blacklist approach is better for me as it doesn't require an input from me which is why i am running avast!. Are you getting my point ?

Sure. The blacklist is a very good approach. But should it be the only one? Can't we get a balanced solution?

What exactly are you trying to say here and how does it relate to what you quoted from me ?

That behavior blocker is blacklist approach. It's good. It allows better detection rates. We agree with all this.
The "problem" is that the other approach, the whitelist. Is it possible? Yes. Can it be well implemented? That's the point.

I do NOT want it to block the unknown, that is my point Tech.

No problem. You've voted "no"
I'm perfectly aware the point is controversial. So I've started a poll.

Because under the "unknown" category could be perfectly legit programs that the whitelist just doesn't know about.

Agree. This is the main drawback.
How to solve it?
A "flexible" sandbox, with not full virtualization. Maybe?

And again i am against the philosophy of BLOCK EVERYTHING UNKNOWN. The traditional approach of AV's(you could say blacklist approach) coupled with some good heuristics is what i want.

I use this approach as I have AIS

What you want Tech is a good HIPS program that blocks everything and i want a good av that blocks ONLY the baddies.

Hmmm... Not exactly. A HIPS is always complicated when isolated. I need something flexible. I want to test software and other users want to play with fire. Automatic sandboxing could avoid something deeply mess the computer as it will be something like a limitation to user access.

Do we understand each other now ?

Completely

[Lisandro]

Listen i don't have a problem if someone wants to use that feature(i personally don't like it but that is just my personal opinion) but i don't want it forced upon me.

Well, there is an option in the poll: optin, for advanced users only.

Simple as that. avast! should stay avast! and Comodo can do whatever they want, i don't care about them.

This is not a Comodo x avast thread. As simple as that. Who does not understand this... well, does not understand my intentions. 

To make Tech happy, yes i have no problem if they put the feature in avast! but i would want it disabled by default for sure. 

Wow... Thanks! I've get your vote

[Lisandro]

okay the automatic sandboxing in CIS isn't that bad... it doesn't of course sandbox everything, but just a few minor apps that don't have recognized digital signatures, and further unknown processes.

That's why I was attracted to that technology... and the fact we have 2.000.000 malwares released on 2010... and because we're always listening: "Oh, my antivirus does not detect that... Why?"...

doesn't mean that I agree with Tech

I don't want either to see Avast mimic Comodo.

Why not? Everything on Comodo is bad? Can't we learn anything from the others? Nothing?

Each software company has its identity and should stick to it

We're not talking about companies policies and culture. Although it would be very good to discuss this elsewhere: the freemium policy of avast x paid products, market share, etc.

And tech's attempts won't change anything to that

Really?
I'm not arrogant to think I'll change avast.
But I think avast listen to their users
They could change because they learn and improve some point.
I'll be glad if I can help on improvement of avast
This is why I'm here.

Now to go back to topic I will repeat that the auto-sandboxing is in theory a nice feature

Another converse

but can be pretty annoying when running it for the first time on a system, unless it's set to ask by default (which I think is the case now in CIS).

First run, identify the installed software, implementation. That's the point of the success.

That's a geek's feature, a new toy to play with, and certainly not something that a majority wants to have and be bothered with. People want to run their computer in the first place and not tens of anoying popups, especially when prompted to allow well known utilities to run "un-sandboxed" at startup, that's a waste of time.

Fully agree. This was annoying all the time I install CIS...

Last and more important thing is that third party sandboxing utilities are still far from running perfectly, and if automated, can break a complete Windows session, even force you to go back to safe mode to get rid of the annoying culprit. I've been through that

I don't have experience on this.

But it is utterly ridiculous to post stuff suggesting to Avast (more or less implicitly) to mimic Comodo...I mean Tech seriously

Mimic?
No, please. Do it better

[Hard_ROCKER]

Tech how do you know i voted for NO ??! Cause i didn't and if i did it was a mistake. But i am pretty sure i selected Yes. Make it available (off by default, i.e., for advanced users only) just to make you geeks happy.  


EDIT: You DO know me, different nick now... I'll send you a pm.

[Lisandro]

Tech how do you know i voted for NO ??! Cause i didn't and if i did it was a mistake. But i am pretty sure i selected Yes. Make it available (off by default, i.e., for advanced users only) just to make you geeks happy. 

You can change your vote as I made this available in the poll
Geeks? No, please. I'm a normal guy. I run 10 to 15 km two or three times a week

[Hard_ROCKER]

Please read my PM buddy !

What, i really did vote NO, seriously ??! Weird... Okay i'll change it.


EDIT: You were right i did vote NO !  Fixed now. The options are close together so that would explain my mistake.

[Lisandro]

It's ok.
Wow... Seems people really participate in this poll.

[Dch48]

I will repeat that the auto-sandboxing is in theory a nice feature, but can be pretty annoying when running it for the first time on a system, unless it's set to ask by default (which I think is the case now in CIS). That's a geek's feature, a new toy to play with, and certainly not something that a majority wants to have and be bothered with. People want to run their computer in the first place and not tens of anoying popups, especially when prompted to allow well known utilities to run "un-sandboxed" at startup, that's a waste of time.

This is exactly what has scared me off of auto-sandboxing. Comodo may have gotten better since the original implementation. I haven't been brave enough to try it since the new version came out. What happened to me was that files needed by some of my games got sandboxed and even after I told CIS not to do it any more, they continued to be sandboxed but without any notice given that they were. the only way to see what was happening was to read the log files.  Some of my drivers also got sandboxed like the special HP keyboard drivers, the driver for the quicklaunch buttons, and a file from ATI. There were some other things that I can't recall at the moment but you get the picture. I'm with the people who have said they only want things being blocked that are bad or found suspect by heuristics, not simply "unknown". My first experience with auto-sandboxing has left a very bad aftertaste.

[Lisandro]

What happened to me was that files needed by some of my games got sandboxed and even after I told CIS not to do it any more, they continued to be sandboxed but without any notice given that they were.

Bad implementation of one software does not invalidate the technology.
Again and again, we're NOT discussing Comodo but automatic sandboxing.
The (eventual) errors of Comodo in CIS does not mean we'll have the same problems with avast.

Some of my drivers also got sandboxed like the special HP keyboard drivers, the driver for the quicklaunch buttons, and a file from ATI. There were some other things that I can't recall at the moment but you get the picture. I'm with the people who have said they only want things being blocked that are bad or found suspect by heuristics, not simply "unknown". My first experience with auto-sandboxing has left a very bad aftertaste.

Sorry, indeed your experience with Comodo wasn't pleasant.
Will you give up?

[SpeedyPC]

Okay I've finally done a clean install with the latest Comodo Firewall Free v5.0.162636.1135, I'm a bit concern about that cloud feature from Comodo give me a chance to help out about the automatic sandboxing and cloud feature so I could try and give you my side of the story for Avast.

[Lisandro]

Ok Speedy, if you need help with CIS, better trying their forum

[Dalewyn]

Well, you've risen up the horizon of my suggestion... I mean, I'm thinking in a very narrow concept of sandboxing and you're speaking of the global technology and what sandboxing could achieve at all. The environments are different. Maybe the vocabulary should be a new one. Won't it good if we can speak with "avast vocabulary" here?

I admit that perhaps I got a bit offtopic there. I was merely trying to point out that sandboxing goes beyond simple virus/malware protection. One could say virus/malware protection is even a side-effect of what sandboxing does.

Sure... but they can run side by side, it's becoming a necessity is we think in 2 million malware per year, and, better, avast already has the technology: a firewall and an on demand sandbox.

In fact, I'm only asking of making an on-access partial sandbox (other calls it 'limit access tool' or whatever you want to find in Comodo forums).

Which brings me back to my first point: A sandbox does many things besides protecting against viruses by its very nature, and an anti-virus program has no business in doing anything besides protecting against viruses.

This isn't really a rejection on the idea itself (sandboxing to counter unknown threats is viable, albeit shaky with false positives), but rather the idea that the feature be integrated into anti-virus software. I prefer software to be light and stick to what they were truely meant to accomplish; bloat is absolutely horrible no matter the intent.