I’ve been using avast! Home for around 18 months with only Internet Mail and Standard Shield enabled and as part of my attempts to beef up security, I have a few questions about the other providers -
Instant Messaging - I use Yahoo, MSN and Trillian IM’s. There are options in all to set the path to an antivirus program for sending/revieving files, which I have set to ashquick.exe.
Would enabling the provider do anything different or give any added protection?
Web Shield - I only use Firefox for browsing and after clicking on a link someone posted here to test the Web Shield, the eicar virus was picked up instantly by my standard shield. So would enabling web shield add anything?
Network Shield - I’ve read a few articles on this but I’m still not entirely sure exactly what it would protect me from. I’ve seen it described as an IDS and also as a light firewall.
I’m using Kerio 2.1.5 firewall with very tight rules and am also trying out some other security apps (Process Guard free, System Safety Monitor, Antihook, Prevx) so would it give me any advantages?
I don’t use Outlook or p2p so I’m not concerned with the other providers.
Any advice is appreciated.
IM Shield: Its better to enable the shield than to manually configure all diff IM’s to scan using avast. Also the Shield checks ALL files accessed by the IM programs, not just files recieved from other users (eg: logs and archives, setting files etc…).
Web Shield: U should most definately enable webshield. I know firefox is pretty safe but then trojans do get saved into firefox’s cache sometimes. The webshield does not let this happen.
Network Shield: Umm… i guess if u have kerio, u dont need this enabled.
As far as i know, only Standard Shield, Internet Mail and Webshield use different processes, so they take more RAM if u enable them. The rest of the shields dont make any separate processes so the RAM usage will remain same if they are enabled or disabled (Maybe they use some CPU). But then i think u can spare some CPU time for a critical task such as virus protection!!
Thanks for the replies.
I’m not concerned with any ram usage unless it badly effects my computer’s performance. Even with all providers running the ram usage seems pretty modest anyway.
I’ve now enabled all providers except outlook via add/remove programs then stopped any I don’t use, then it’s easier to just start any if I think I need them in future.
I have now enabled Network shield, I’ll just keep an eye on it to see if it does do anything for me.
I’ve also enabled the IM shield for extra protection.
I’ve had to disable web shiled for because it is causing me problems at the moment so I will have to look into it.
[EDIT] I’ve sorted out my problem with Web Shield and now have it running but when I tried the the test link I mentioned in my first post, it is still picked up by the standard shield, not the Web Shield. The link in question is a download link it appears so that may be why. Does anyone have any other ways I can try it out?
This provider will be very useful if you do not have a firewall, or Windows XP firewall or have them bad configurated. But, in fact, you will only need it when you less expect
You need it if you use any IM program.
This is the most useful one and you have it disabled
Looks like you posted this at the same time I was editing my last post. As you can see in that post, Web Shield is now enabled.
Any links I can try it out on?
I mean, I know it’s working by showing the detailed info alerts but I just want to see it in action.
BTW, I’m wondering if my system needs so-called sandbox software. At the moment, I’m using Kerio 4.1.3 (2.1.5+sandobox seems to be a good idea but 2.1.5 doesn’t seem to be working well on my computer), which has a simple sandbox function called system security module. Considering my little knowledge on DLLs, probably, I’d better stay with the module. Also, I wonder if all the troubles of configuring each DLL are worth the effects.
How do yous think of it? Are there some recommendations from the list given by fannymites (Processguard free, System Safety Monitor, Antihook, Prevx) or your own?
Click here to test avast! WebShield.
This should bring up a window asking to abort the connection or, at least, the popup message that an infected file was blocked by WebShield.
Another way to see if it’s working, like you said, is loading a web page from your browser and see if it it shows up on WebShield panel as being the last scanned.
Again, thanks for the responses. I haven’t been to these forums in a while before this (which probably says a lot about how problem free avast has been for me) but it still ranks alongside mozillazine forums, Wilders Security and even linuxquestions.org as one of the best out there in my opinion.
Anyway.
@Umath - I think how much you need such software depends on how you use your computer.
I wasn’t convinced with Kerio4.x System Security module. It seemed to me that once you allowed 1 program to launch another, you were giving it permission to launch anything. I may be wrong or I may be missing something, I certainly no expert.
What I can tell you is since I first started using a computer around 18 months ago I’ve just been using Kerio2, avast! and spybot and in all that time I haven’t had a single virus infection or any other malware type problem.
In the last couple of weeks since I’ve been trying out these different programs I’ve had more problems than I’ve had in the whole of the previous 18 months put together.
Many crashes, many freeze-ups, lots of slowdown and plenty of hanging at startup problems, which is the sort of thing I was trying to protect myself from malware doing.
I even ended up having to re-install Windows after I could no longer boot up, even into safe mode.
Of course things work differently for different people and computers so I don’t want to completely put you off. I’m sure many people run these programs with no problems at all.
I’ve been running these programs as much for something to tinker around with than anything else and I was planning to re-install Windows at some point anyway.
But if you happen to be using Objectbar then expect lots and lots of problems.
If you are still interested try here - http://www.wilderssecurity.com/
There’s tons of very useful and interesting stuff there on such programs.
[EDIT] After reading back through this post I think I seem really negative towards the security apps mentioned. I’m not trying to put anyone off, just explaining my personal experience of such programs.
Sorry for the long blabbing post.
I’m not convinced with Kerio 4.x system security module neither and thank you for the link. And I agree with you at that it probably turns out to be troubles or nuisances at best if we don’t have enough knowledge to handle these apps (including issues such as possible registry mess, troubleshooting and compatibility). Probably, I should just read the forum.
For me:
Network Shield, Web Shield and Standart Shield are enough. I use webmail otherwise I would use the mail scanner as well… I don’t see the point of using the IM and P2P scanner, since the Standard scanner already scans the files I start…
The best advantage is using Standard Shield at Normal (or Custom) level (without consuming that much resources on open/create/modified files being scanned) and use a dedicate provider for a best scanning of potencial infected files
See, everything is possible in avastland
Quick summary: The other shields (not Standard Shield) are your blockades, the Standard Shield is second defense for any security breach. It’s best recommend to have IM, Web, P2P, Network,and Internet Shield enable, if your not using Outlook Express, you don’t need to enable the Outlook Shield.
I’m now using all providers except p2p and Outlook with no problems but I do have some concerns about the Web Shield.
I have left it with the default setting, scanning port 80 and my Kerio logs show avast connecting to port 80 rather than Firefox, IE etc.
Surely this means that ANY application which wants to connect to port 80 is going be redirected by avast and go straight through the firewall, including any trojan type thing?
The Avast team made a change sometime ago so that the Webshield will only redirect the HTTP traffic directed to port 80 by applications they have tested. If you want to include other applications they need to specified by the Opt-in list held in the avast4.ini file. Those applications not in the list connect to port 80 and if not known to your firewall will be challenged.
All of the traffic directed to port 80 of servers outside will still go to your firewall. Hopefully Avast will prevent a Trojan entering your system and taking over your browser, but if it did most firewalls will detect that the program has been changed and give you a warning when it attempts to send traffic outbound.
