Thanks for coming, Vlk.
My hope was almost at the end... Seems we can still hope... Really, it was almost at the end.
I'm actually on holidays in Greece, hence my slow reaction times.
Additionally, Igor, Pavel and kubecj (among others) are in Vancouver at the VB conference...
So much for the apology for our recent absence here.
We just doubt that the outcome of implementing these changes would be good.
Any technical reasons? I mean, the implementation of an automatic sandbox will bring technical issues - besides the well-known false positives and user interaction - that will make it unworthy in terms of security?
Yes, very good reasons for that.
I believe that one of the key drivers of avast's success is its relative autonomy and unobtrusiveness. You have to realize that with the 100M+ userbase, your users are no geeks. In fact, they are people who assume avast would do its job (= keep the machine clean from malware) but also that it wouldn't mess with anything the user does. Introducing quite radical measures such as running all unsigned/unknown binaries in a sandbox would admittedly generate a lot of confusion and is generally not compatible with our vision of transparent security.
At least that's what my intuition tells me.
Avast 6.0 will feature the in-the-cloud heuristics based on the age/prevalence data (as suggested above by sded) as well as new stuff related to the use of our sandbox. But, instead of using the "default deny" paradigm that Comodo is trying to advertise so much, avast will work differently. It will rely on its heuristics engine to decide whether an executable file should run sandboxed or not.
Wow... It's not bad. So, regarding the behavior, the program will run sandboxed automatically?
Either automatically or (more likely) give a recommendation to run sandboxed, with the user being able to override this decision.
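To make the two posts above concrete, here is an added example (not avast's code, and not a description of its actual heuristics) of how an age/prevalence-based cloud lookup can feed a three-way sandboxing verdict with a user override. The hash-keyed telemetry store, the thresholds, the `context_score` stand-in for surrounding suspicious events, and the "forced sandbox" tier are all assumptions made for illustration.

```python
"""Illustrative age/prevalence sandboxing policy (added example, not avast's code).

Assumptions (not from the thread): the cloud is keyed by SHA-256 of the file,
records how many days ago the hash was first seen and on how many machines,
plus whether the file carried a valid code signature. Thresholds are made up.
"""
import hashlib
from dataclasses import dataclass
from enum import Enum
from typing import Optional, Tuple


class Verdict(Enum):
    RUN = "run"                              # trusted: run normally
    RECOMMEND_SANDBOX = "recommend sandbox"  # default to sandbox, user may override
    SANDBOX = "sandbox"                      # hypothetical forced tier, no override


@dataclass
class FileReputation:
    first_seen_days: int  # age of the hash in the cloud database
    prevalence: int       # number of machines that reported the hash
    signed: bool          # valid code signature (hypothetical field)


def sha256(content: bytes) -> str:
    return hashlib.sha256(content).hexdigest()


# Constructed sample telemetry; the "file contents" are just placeholders.
CLOUD = {
    sha256(b"well-known installer"): FileReputation(400, 250_000, True),
    sha256(b"fresh unsigned tool"): FileReputation(1, 3, False),
    sha256(b"niche but old utility"): FileReputation(200, 40, False),
}


def lookup(content: bytes) -> Optional[FileReputation]:
    """Cloud lookup stand-in: None means no other user has ever reported this hash."""
    return CLOUD.get(sha256(content))


def classify(rep: Optional[FileReputation], context_score: int = 0) -> Verdict:
    """Map reputation plus a crude context score to a verdict.

    context_score counts suspicious surrounding events (e.g. launched straight
    from a browser download, dropped by another brand-new process). It is a
    placeholder for the richer context signals the thread alludes to.
    """
    if rep is None:
        # Never seen anywhere: unknown, not necessarily malicious.
        return Verdict.SANDBOX if context_score >= 2 else Verdict.RECOMMEND_SANDBOX
    widely_deployed = rep.prevalence >= 10_000 and rep.first_seen_days >= 30
    aged_niche = rep.prevalence >= 10 and rep.first_seen_days >= 90
    if widely_deployed or aged_niche or (rep.signed and rep.first_seen_days >= 7):
        return Verdict.RUN
    if rep.prevalence < 100 and rep.first_seen_days < 7:
        # Fresh and rare is the classic profile of a zero-day sample.
        return Verdict.SANDBOX if context_score >= 1 else Verdict.RECOMMEND_SANDBOX
    return Verdict.RECOMMEND_SANDBOX


def launch(content: bytes, context_score: int = 0,
           accept_recommendation: Optional[bool] = None) -> Tuple[Verdict, bool]:
    """Return (verdict, sandboxed). A recommendation defaults to sandboxing
    unless the user explicitly declines it; the forced tier cannot be declined."""
    verdict = classify(lookup(content), context_score)
    if verdict is Verdict.RUN:
        return verdict, False
    if verdict is Verdict.SANDBOX:
        return verdict, True
    return verdict, accept_recommendation is None or accept_recommendation


if __name__ == "__main__":
    for blob in (b"well-known installer", b"fresh unsigned tool",
                 b"niche but old utility", b"never reported before"):
        print(blob.decode(), "->", launch(blob))
```

The interesting property is that the policy never needs a signature on the file to let it run: enough age and prevalence alone earns trust, which is what keeps the approach from turning into the "default deny" model discussed above.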
Perfect! That's a very good thing.
Probably better than what I was proposing from the beginning.
If the rules for that (i.e., for the behavior shield to take this decision) are good enough, this will increase the protection against zero-day attacks.
Yes, that's the point.
The new heuristics for this are actually quite powerful, as they take into account a lot of things happening on the PC. I would call it "full context heuristics" (sorry, can't disclose too many details without helping the competitors).
What may be of special interest, also, is that this is how it's going to work even in the free version (which means that the core functionality of the sandbox will likely be moved to the free AV).
Wow! Another dream is coming true!
Thanks again! Fantastic move...!
This goes hand in hand with our "promise" of keeping all the core protection features even in the free product. If the sandbox technology is needed to tackle the zero-day malware problem, then it needs to be also in the Free AV.
Thanks
Vlk