Author Topic: AIS firewall: auto-decide mode question(s)  (Read 10526 times)

0 Members and 1 Guest are viewing this topic.

Hexo

  • Guest
Re: AIS firewall: auto-decide mode question(s)
« Reply #15 on: January 07, 2011, 07:59:03 AM »
There is no really whitlist?
Thats very bad.
So i have to change my firewallsettings to the "ask mode".
I thought, that the avast! FW is as good as the Gdata FW. But i see, that isn´t true.

I would be better to have an global "community" whitslist with trusted programms, and each other programm has to ask if it want to connect to the www.

GloobyGoob

  • Guest
Re: AIS firewall: auto-decide mode question(s)
« Reply #16 on: January 07, 2011, 08:30:42 AM »
There is no really whitlist?
Thats very bad.
So i have to change my firewallsettings to the "ask mode".
I thought, that the avast! FW is as good as the Gdata FW. But i see, that isn´t true.

I would be better to have an global "community" whitslist with trusted programms, and each other programm has to ask if it want to connect to the www.


There is a whitelist... Where did you hear that there wasn't? ??? I don't think that its a community whitelist though. As said, it is managed by avast.
On a side note, I found that Gdata's firewall service could be disabled at startup (either manually, or if a piece of malware gets through). I don't know if they fixed that.

GG

Hexo

  • Guest
Re: AIS firewall: auto-decide mode question(s)
« Reply #17 on: January 07, 2011, 08:54:37 AM »
I looked up in the manuel and there is no information about a whitlist.
Did you ever notice a "Firewall" block?

Hermite15

  • Guest
Re: AIS firewall: auto-decide mode question(s)
« Reply #18 on: January 07, 2011, 09:28:59 AM »
Quote
Did you ever notice a "Firewall" block?

yeah once... recently, an unexplained inbound connection

Hexo

  • Guest
Re: AIS firewall: auto-decide mode question(s)
« Reply #19 on: January 07, 2011, 09:47:40 AM »
LOL.
Any outbound blocks?

Hermite15

  • Guest
Re: AIS firewall: auto-decide mode question(s)
« Reply #20 on: January 07, 2011, 10:04:45 AM »
LOL.
Any outbound blocks?

no, no reason to either, must download a trojan first before you see this happen...if it's intercepted by the fw, which as I saw in a recent case here may not be the case at all (not mentioning tha AV that doesn't always do its job either with rogues). And legit apps, unless infected or hacked, rarely attempt to establish forbidden connections.

Hexo

  • Guest
Re: AIS firewall: auto-decide mode question(s)
« Reply #21 on: January 07, 2011, 10:38:09 AM »
[ironic]When a trojan try to connect... normaly it is the job of the antivirus to kill the trojan ^^
What is, when a trojan use a programm like a browser to connect the internet? The Firewall sees only the conection of the browser ^^ [/ironic]

Did someone test the Firewall with an infected system?

smage

  • Guest
Re: AIS firewall: auto-decide mode question(s)
« Reply #22 on: January 08, 2011, 06:19:07 AM »
To me it seems like this.

In auto decide mode, all programs which are detected by the AV will also be blocked by the firewall while all programs which are classified as clean by the AV will be automatically allowed.  Now there might also be some behavioral analysis to determine if files are performing malicious activities.

All suites do the same thing because users do not want to answer alerts.
For real protection, you have to switch to ask mode.

ImWarm

  • Guest
Re: AIS firewall: auto-decide mode question(s)
« Reply #23 on: January 08, 2011, 08:23:04 AM »
I think this would help explain a bit better: http://forum.avast.com/index.php?topic=64233.msg548190#msg548190