Avast Internet Security (with its own sandbox)

View previous topic View next topic Go down

Avast Internet Security (with its own sandbox)

Post by jna90 on 21/8/2011, 22:55

I've installed Avast! Internet Security (version 6.0.1203) and a years subscription for the hell of it.
I have searched everywhere for a decent test for the sandbox option in avast, but can't seem to find any in depth testing with avasts own sandbox.
Including on their own forum there isn't much to find. they (the developers) however did release a Eicar / spycar like tool to test the autosandbox option.

tried googling for it and tried to search on youtube for a avast sandbox review, but alas..
There are Avast! reviews but more like for the overall product and not specifically the sandbox, which seems to me a very interesting part of the suite.

I keep using sandboxie of course, I won't ever abandone it. I bought the lifetime subscription, because Tzuk is just great and his product as well.
I don't want to make a commercial of it, but Tzuk does answer almost everybody on his forum, really amazing and tries to really help you with anything.

Anyway back with avast sandbox, anybody can point me to in depth reviews or a video by ssj104 about it ? pirat What a Face

Maybe I will test it out myself eventually affraid (really scared here)

jna90
Member
Member

Posts : 36
Join date : 2011-07-20
Age : 43
Location : Amsterdam, The Netherlands

View user profile

Back to top Go down

Re: Avast Internet Security (with its own sandbox)

Post by tnegjm on 22/8/2011, 01:48

I've read and heard good things about avast especially the boot scan. I knew that it had a sandbox option but haven't seen much about it either. I'd like to know as well, not to replace SBIE but out of curiosity.

tnegjm
Member
Member

Posts : 37
Join date : 2010-04-20

View user profile

Back to top Go down

Re: Avast Internet Security (with its own sandbox)

Post by ssj100 on 22/8/2011, 04:39

If someone can give me a link to the trial version (or whatever free version that has the full sandbox capability), I may try to find some time to test it out. I doubt it would deserve a "ssj104 video" however haha.

It's also probably not too different from the sandbox mechanism in CIS - certainly not a replacement for Sandboxie.

_________________
Sandboxie + LUA + SRP + DEP + SuRun
Windows Firewall + NAT Router + IPSec (on-demand)
VirtualBox (on-demand)
Drive SnapShot (on-demand)
avatar
ssj100
Administrator
Administrator

Posts : 1389
Join date : 2010-04-14

View user profile http://ssj100.fullsubject.com

Back to top Go down

Re: Avast Internet Security (with its own sandbox)

Post by tnegjm on 22/8/2011, 04:51

ssj, they call their sandbox "safe zone" it looks like. Here's the link for the trial version Link.

tnegjm
Member
Member

Posts : 37
Join date : 2010-04-20

View user profile

Back to top Go down

Re: Avast Internet Security (with its own sandbox)

Post by jna90 on 22/8/2011, 12:52

yeah, the free version has "safe zone" and is not very configurable and uses a fixed webbrowser (chromium) I believe.
But the Internet Security I got does have 'safe zone' and also the sandbox option that lets you sandbox anything. it even looks the same as sandboxie.
but instead of the pound/hash sign (#) it uses the at (@) signs to indicate that a program is running in sandbox and also a red border around the window.

I thought the free version did have it too, the full sandbox feature, but on second look I think not.
Anyway, I understand if you don't want to do it then.

http://www.avast.com/free-antivirus-download

[EDIT] Sorry for the confusion and I should have looked better at all the options and comparison between the free and paid versions.
I feel like such an idiot now. Anyway, sorry ssj about my own confusion of the product.
[/EDIT]

jna90
Member
Member

Posts : 36
Join date : 2011-07-20
Age : 43
Location : Amsterdam, The Netherlands

View user profile

Back to top Go down

Re: Avast Internet Security (with its own sandbox)

Post by Peter5 on 22/8/2011, 20:22

jna90 wrote:yeah, the free version has "safe zone" and is not very configurable and uses a fixed webbrowser (chromium) I believe.
But the Internet Security I got does have 'safe zone' and also the sandbox option that lets you sandbox anything. it even looks the same as sandboxie.
but instead of the pound/hash sign (#) it uses the at (@) signs to indicate that a program is running in sandbox and also a red border around the window.

I thought the free version did have it too, the full sandbox feature, but on second look I think not.

Yes , the free version only offers the Automatic sandbox (virtualizattion) which does not sandbox everything (it does not use a default deny policy), it uses some kind of heuristics to determine if an unknown file runs sandboxed or not.
Only the manual sandbox (paid version) offers default deny policy.

Now, with Avast 6.0 (which is coming sooner than you may think), it's a different story. Avast 6.0 will feature the in-the-cloud heuristics based on the age/prevalence data (as suggested above by sded) as well as new stuff related to the use of our sandbox. But, instead of using the "default deny" paradigm that Comodo is trying to advertise so much, avast will work differently. It will rely on its heuristics engine to make decisions whether an executable file should run sandboxed or not. Let me explain this in a bit more detail. Currently, the outcome of the scan is pretty much binary - either the file is called "clean" (and is allowed to run), or it is flagged as "infected" (and appropriate actions are applied - and the file isn't allowed to run). This also applies to heuristics detections. Now in avast 6.0, the outcome could also be "potentially infected, use extreme caution" and this case, when talking about an on-exec scan, will (by default) be handled by sending the file into the sandbox. If the program is legitimate, it has a good chance of running OK inside the sandbox (and of course you, as a user, can always override the decision and run it normally). And if it's really malware, avast has just saved your butt.

There are many other minor things that make up these changes (such as further emphasis on the Behavior Shield when making these heuristics decisions, i.e. taking into account full context info) but this is, at a glance, how it's going to work. What may be of special interest, also, is that this is how it's going to work even in the free version (which means that the core functionality of the sandbox will likely be moved to the free AV).

Thanks
Vlk

http://forum.avast.com/index.php?topic=64382.msg546016#msg546016


Last edited by Peter5 on 22/8/2011, 21:02; edited 1 time in total
avatar
Peter5
Member
Member

Posts : 31
Join date : 2011-03-26

View user profile

Back to top Go down

Re: Avast Internet Security (with its own sandbox)

Post by Peter5 on 22/8/2011, 20:46

ssj100 wrote:If someone can give me a link to the trial version (or whatever free version that has the full sandbox capability), I may try to find some time to test it out. I doubt it would deserve a "ssj104 video" however haha.

It's also probably not too different from the sandbox mechanism in CIS - certainly not a replacement for Sandboxie.

I hope you will do a test of CIS V. 6 (The Beta may come in September).
It will bring the Automatic Sandbox (default deny) with full virtualization.

I think comodo is more and more thinking about usability that is why i think they will be doing great efforts regarding the virtualizattion process (Hips is way to complicated and an AS without virtualization never worked very well.).
They are so heading that road (usability) that they even stopped using default deny in the Firewall in the default configuration in the latest stable release (all outgoing is allowed even if the application is in the sandbox).

Hi Guys,

Its not a bug. We have re-introduced "Allow All Outgoing Requests" rule in this release to remove outgoing firewall alerts if the user is installing the firewall and antivirus at the same time i.e. "Internet Secvurity" configuration.

If you need to resume the alerts, you can simply remove this rule or switch to another configuration.

Why did we re-introduce this?

According to your feedback in the last 10 months, we observed that outgoing firewall alerts are the main reason for uninstalling or shutting down CIS which in turn cause you to remain without an inbound protection as well as proper malware defense.

For advanced users such as yourself who would like to see the alerts, it is pretty easy to enable them with 4 clicks. So please remove "Allow All Outgoing Requests" rule if you would like to see the FW alerts again.

Regards,
Egemen

http://forums.comodo.com/news-announcements-feedback-cis/comodo-internet-security-551957861383-released-t74019.150.html




CIS 5.8 beta instalattion image









Sorry for the off-topic





avatar
Peter5
Member
Member

Posts : 31
Join date : 2011-03-26

View user profile

Back to top Go down

Re: Avast Internet Security (with its own sandbox)

Post by Peter5 on 22/8/2011, 21:01

jna90 wrote:

[EDIT] Sorry for the confusion and I should have looked better at all the options and comparison between the free and paid versions.
I feel like such an idiot now. Anyway, sorry ssj about my own confusion of the product.
[/EDIT]

No need to apologize jna90.
because of you ssj100 might start doing some more tests Wink Cool
avatar
Peter5
Member
Member

Posts : 31
Join date : 2011-03-26

View user profile

Back to top Go down

Re: Avast Internet Security (with its own sandbox)

Post by Peter5 on 22/8/2011, 21:52

Keep using sandboxie Very Happy

Actually I thought: This will never ever work and did not even try until today.

But it seems like the so-called sandbox is all about drawing red frames but not preventing anything.

What i did: Start process hacker in sandbox and do dllinjection into random processes (truecrypt, firefox etc)
Result: First attempt worked, sandbox outbreak...

This is so hilarious!



http://forum.avast.com/index.php?topic=82291.15
avatar
Peter5
Member
Member

Posts : 31
Join date : 2011-03-26

View user profile

Back to top Go down

Re: Avast Internet Security (with its own sandbox)

Post by jna90 on 23/8/2011, 01:29

Peter5, thanks for the info and kind words. much appreciated.

Indeed, your last comment makes me shudder. I mean if it is just about drawing red frames and not a real protection or a flawed one at least, then I will definately stick with Sandboxie.

I got Shadow Defender up and running now with Sandboxie and Avast as last resort cleaning/scanning tool and malwarebytes on demand scanning, just to make sure that nothing gets through sandboxie and/or shadow defender. Ow and using keyscrambler (qfx).
I think I'll stick with this configuration. (SD + SBIE + avast + keyscrambler)

And about being offtopic, don't worry.
I think Comodo is a very very good and solid product and I'm very interested in its development too.
But I think you better post it in the Comodo section of this forum. In case other people want to find everything about Comodo they will not think that something in this thread is containing some info about it.

Indeed Comodo is very interesting to follow and I hope their sandbox will become better.

jna90
Member
Member

Posts : 36
Join date : 2011-07-20
Age : 43
Location : Amsterdam, The Netherlands

View user profile

Back to top Go down

Re: Avast Internet Security (with its own sandbox)

Post by Sponsored content


Sponsored content


Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum