Author Topic: Few questions about Network Shield  (Read 4678 times)

0 Members and 1 Guest are viewing this topic.

Offline RejZoR

  • Polymorphic Sheep
  • Serious Graphoman
  • *****
  • Posts: 9361
  • We are supersheep, resistance is futile!
    • RejZoR's Flock of Sheep
Few questions about Network Shield
« on: October 25, 2004, 04:22:27 PM »
Can you please explain to me, how Network Shield actually catches worms like Sasser or MSBlast. And if it blocks them or just logs their behavior?
Visit my webpage Angry Sheep Blog

Offline Vlk

  • Avast CEO
  • Serious Graphoman
  • *
  • Posts: 11664
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
Re:Few questions about Network Shield
« Reply #1 on: October 25, 2004, 04:33:28 PM »
Basically it's a very lightweight firewall (or more accurately, IDS) that scans all network traffic for signatures of known malware (namely Internet worms).

If it detects such an attack, it blocks it (by closing the hostile connection) - of course. :)


I think some of the competitive AV packages also offer such a feature - for example the new NAV 2005.


Cheers
Vlk
« Last Edit: October 25, 2004, 04:38:26 PM by Vlk »
If at first you don't succeed, then skydiving's not for you.

Offline RejZoR

  • Polymorphic Sheep
  • Serious Graphoman
  • *****
  • Posts: 9361
  • We are supersheep, resistance is futile!
    • RejZoR's Flock of Sheep
Re:Few questions about Network Shield
« Reply #2 on: October 25, 2004, 04:36:55 PM »
So,does Network Shield rely on signatures (VPS) or it uses "generic" blocking.

I know NAV2005 Worm Blocker uses generic rules,probably avast! does the same. At least i don't have any compatibility problems with Network Shield and eMule :) (NAV WormBlocker hates eMule)
Visit my webpage Angry Sheep Blog

Offline Vlk

  • Avast CEO
  • Serious Graphoman
  • *
  • Posts: 11664
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
Re:Few questions about Network Shield
« Reply #3 on: October 25, 2004, 04:38:10 PM »
It uses signatures. No generics/heuristics. That would probably be too risky (slow, and problem-prone) anyway... ;)
If at first you don't succeed, then skydiving's not for you.

Offline RejZoR

  • Polymorphic Sheep
  • Serious Graphoman
  • *****
  • Posts: 9361
  • We are supersheep, resistance is futile!
    • RejZoR's Flock of Sheep
Re:Few questions about Network Shield
« Reply #4 on: October 25, 2004, 04:41:00 PM »
Ok,the last question ;D
Do i get any popup when certain attack happens (which is detected by Network Shield)? Something like popup window for updates or normal virus detected warning?
Visit my webpage Angry Sheep Blog

Offline Vlk

  • Avast CEO
  • Serious Graphoman
  • *
  • Posts: 11664
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
Re:Few questions about Network Shield
« Reply #5 on: October 25, 2004, 04:44:24 PM »
Yes, you get a popup similar to the one which is displayed whenever a virus is detected.

(Not the dialog - the red/yellow on-access scanner message in the notification area of the screen, if you know what I mean).
If at first you don't succeed, then skydiving's not for you.

Offline RejZoR

  • Polymorphic Sheep
  • Serious Graphoman
  • *****
  • Posts: 9361
  • We are supersheep, resistance is futile!
    • RejZoR's Flock of Sheep
Re:Few questions about Network Shield
« Reply #6 on: October 25, 2004, 04:48:37 PM »
Like the tag for "Show details on performed action",just in red/yellow colors right ;)

Thank you for fast response on all my questions :)
Visit my webpage Angry Sheep Blog