The future of avast protection

[Lisandro]

Gargamel, I think more or less like you. It's poor to see that companies just look to profit to bring more profit, or the prices being passed from one to the final user... all the time.
This is why I've asked if avast as a corporation could do something to make all the Internet safer (of course they're doing a very good job releasing a free antivirus). Something says me that I can't expect this actitude from Symantec or McAfee (or Intel), can I?

[Gargamel360]

Something says me that I can't expect this actitude from Symantec or McAfee (or Intel), can I?

No, I would expect not. 

[Lisandro]

Two questions are pending for avast team (Vlk?):
1. About SONAR (Symantec).
2. About quarantining infected computers (Microsoft).

[Dch48]

I don't like the prospect of ISP's "partnering" with the Government. That just sounds like the old slippery slope deal to me.

[Omid Farhang]

Sorry to bring old topic to top, but I think something here confirm the idea in the topic:


Norman SandBox Anti-Malware Security Technology Recognized As Most Innovative Idea in Past Decade at VB2010 Conference
http://www.norman.com/about_norman/press_center/news_archive/2010/127159/en

[Lisandro]

Sorry to bring old topic to top

Old?

The Norman SandBox is a fully emulated Windows environment clone for simulating code execution, built to fight cyber threats. The operating system, software, system hardware, and network are all simulated, unlike any other tool on the market. Focused on analyzing malicious threats, Norman enables quick adaptation to the changing threat landscape.

What is it exactly for the final user?
A virtual machine?
Is it on demand or on access?
There is quite such "hype" in the article in my opinion.
But I think some of the avast programmers where there in the conference. Why don't tell us something about?

[Omid Farhang]

What is it exactly for the final user?

It works totally invisible as what I've seen.

Norman SandBox® is a revolutionary way to detect new and unknown malware in a proactive way. It is a virtual environment where programs may perform in safe surroundings without interferring with the real processes, program files and network environment. If a program performs actions that the SandBox regards as suspicious, the program is "tagged" as a malicious program.

When you install Norman, you see no menu or settings about Sandbox, I don't know how it works!

A virtual machine?
Is it on demand or on access?

Well, it seems to works on-access without have impact on user interface and environment.

There is quite such "hype" in the article in my opinion.

As well as I do!

But I think some of the avast programmers where there in the conference. Why don't tell us something about?

+1!

[Pondus]

It is in the virus engine  http://en.wikipedia.org/wiki/Norman_(company)

Norman SandBox Technology

Norman Sandbox is a virtualized environment(emulator) where executable files can be examined to see what kind of changes a specific file would do to a system. The emulator contains a BIOS, ROM, simulated hardware and networking capabilities. Based on the actions done by a file Norman Sandbox will automatically try to tell you if the file is behaving malicious or not.

Norman Sandbox is implemented in all Norman's products, but on a different operating-level. Emulating CPU cycles can be a time-consuming task so for performance reasons this is not enabled on by default in the on-access scanner.

Norman Sandbox is also sold as a separate product, giving other security companies the ability to analyze what a file does.[2]

[Omid Farhang]

Wow, I did not know that about what I am using!

So, why when I've been using Norman, I could download and install Fake AV from Web easily? some very well know

[firzen771]

Wow, I did not know that about what I am using!

So, why when I've been using Norman, I could download and install Fake AV from Web easily? some very well know

because fake AV's dont typically perform any suspicious behavior of their own, theyre usually just useless programs that trick u into giving them money

[Omid Farhang]

A follow up to Norman Sandbox:

Symantec analyzer use Norman Online Sandbox for analysis
http://www.symantec.com/connect/articles/using-nepenthes-honeypots-detect-common-malware
 

This will send each submission to Norman's excellent on-line sandbox, which will perform a run-time analysis and send you a copy of the results in email. This can give you very useful information on what the binary does without having to execute and trace it in your own virtual machine, or having to reverse engineering it.

[Lisandro]

Thanks Pondus.
Still a mystery if all files get submitted on access to the sandbox. The performance impact will be tremendous, won't it?
avast has also code emulation (on demand for sure)...

[Pondus]

I do not notice any slow down on daily use but on-demand scan is slow

[Omid Farhang]

I do not notice any slow down on daily use but on-demand scan is slow

Same here. also as pondus said, something is not enabled by default for performance reason for on-access, but on-demand scanner is slow and this can be reason:

Norman Sandbox is implemented in all Norman's products, but on a different operating-level. Emulating CPU cycles can be a time-consuming task so for performance reasons this is not enabled on by default in the on-access scanner.

[Pondus]

The default settings in the scan engine is

Automatic scanner: Sandbox = Normal ( there is also deactivated and expanded )
On-demand scan: Use Sandbox = ON
Internett protection: Use sandbox = ON