Avast shields

Hello!

Can someone accurately explain what exactly the 3 Avast shields do? As in “real world”.

As I understand it it’s like that:

  • Mail shield is for people who use mail clients only (Outlook, Thunderbird…). I only access my mails through the Gmail web interface so I guess I don’t need the Mail shield. Am I right on that one?

  • Web shield protects us from everything bad when we are surfing/browsing the web with our preferred web browser (IE, FF, Opera…). It scans for malicious files, scripts/sites that the web browser is accessing. Is web shield protecting in any other way too (except for the web browser)?

  • File shield protects us from the files on the HDDs, floppy drives, USB drives, CDs etc. As I understand, from the files that are on the computer itself. One could say that the Web shield protects us from the online malware and when the malware downloads (or tries to download) on our disk drive it’s the File shield that protects us from then on, am I right on that?

I’d really like to learn more about the Avast protection. Any comments are welcome! :slight_smile:

Mail Shield… There are some clients–Outlook Express is/was the major offender, and the most widely used–which store and archive messages and attachments in what is effectively an (Access) database. This prevents AV apps from accessing (;D, sorry!) them both in realtime and post-receival. The solution was to provide an app which would intercept all emails before they reached the client, and which then had to stop the download to allow users the opportunity to interact. Naturally, many current email shields now permit some degree of automation, for example recording/logging the offending message or attachment then deleting or quarantining to a chest.

(It has been stated that OE used the mbox .mbx file system for messages, eg: http://en.wikipedia.org/wiki/Outlook_Express#Versions_for_Windows. This has never been my experience, and was one of the major reasons for deleting it forever from my personal life. mbox is one of the things that fills AV designers with joy, as they can be interrogated in real-time…)

Any email client which uses the text-based unencrypted mbox system does not need the protection offered by Avast! MailShield, it is adequately protected by the FileShield. Most of these clients will also store attachments in a user-selected folder: Eudora (old versions) defaulted this to “…usermail\Attachments”, thus allowing regular AV apps ready surveillance.

Your Gmail account is looked after by Avast! WebShield and ScriptShield, as well as any safeguards provided by your browser. You can help Avast! by setting Gmail to display and send all messages as text-only. Obviously the results will look a bit “unfinished”, but it’s the message which matters, not the embroidery. Right?

Gordon.

Thank you for the interesting explanation. I never used Outlook Express or any other clients, I only use the web-based login of Gmail so I guess I don’t need the Mail shield then.

What I’m really interested in knowing is the Web Shield. As I’ve read the old version of Avast had more shields and then the Script Shield, the Web Shield and the Network Shield were merged into the Web Shield which is in the latest versions of Avast.

So I’d like to know about those three shields and/or the Web Shield as it is now. The Script shield protects us from malicious scripts on the pages that are displayed in the web browser. Web shield protects us from malicious files that are on the malicious websites displayed in the browser.

What about the old Network shield? I’ve read that it protects us from worms and bad network traffic. What does that mean, what exactly does it do? Is it still present in the “new” Web shield?

I use my computer at home and we don’t have a local network, only have 3 computers connected to the router, mine by UTP cable and 2 others are on the wireless connection.

We don’t share files, printers or anything. So do I benefit from the Networks shield (which is now in the Web shield)?

Why am I asking so many questions? I use Sandboxie for web browser protection and I don’t think I need the Web Shield, I’d only like to have the File shield on. But Sandboxie only protects the web browser. And the old Web shield and Script shield are doing that too. I’m only concerned about the Network shield as it’s supposed to block bad URLs (that’s also web browser based thing) and block bad packets of data transmitted through the network. But is that meant as the local network or the internet?

I’ve made a mess of a message here, I apologise, but I’d really like to learn about the shields, maybe someone from the Avast team could explain it to me (and others)? Pretty please. :slight_smile:

Here is a quick explanation about the Mail and Web Shields.

Both shields work like a proxy for Mail (SMTP / POP3 / IMAP4 / NNTP) and Web (HTTP / HTTPS - should be available in the newest 2015 version) protocols, meaning that whenever there is an Inbound / Outbound connection on the above mentioned protocols, it will scan the traffic for any malicious signature / code.

Simply because you don’t use Mail clients or run your web browsers in a sandbox, does not mean that your computer is protected against threats using these protocols.

Malware unknown to avast! could eventually slip through the File System protection and be invisible for an unspecified amount of time. Such malware could use the Mail and Web protocols to download more viruses on your machine.

That’s why it is advisable to have them all running, because you will never know what could hit you and how it is distributed.

I see, thank you for the explanation. So, even if I never ever use an email client I should have the Mail shield on and running on my machine?

Yes. The resident shields in avast are there to collectively protect you.
Another piece of software most of us use is MalwareBytes Anti-Malware (MBAM).
If you use the free version, update then scan once a week. If you can afford it, MBAM Premium runs $25.00 (US) each year.

I use MBAM Free too, thank you.

I’m looking for someone (Avast team?) to tell me all about the Web shield, what exactly it does. I’ve gone through the FAQ but can’t find the information I’m looking for.

The web shield protects you while online from websites with malicious content.
It does so by the use of heuristics, code emulation among other technologies.
What more do you need to know? ???

from wikipedia

File System Shield — Real-time protection against viruses and other malware threats. Scans files as they run on your computer to keep viruses from being able to execute.
Mail Shield — Scans messages and attachments in E-mail/Microsoft Outlook/Exchange for viruses.
Web Shield — HTTP protection (local transparent proxy). Version 4.8 also allows the blocking of URLs. Scans URLs and incoming data for viruses, and aborts connections to the site if one is found.
P2P Shield — Scans P2P files from file share programs.
IM Shield — Instant Messaging protection. (Scanning of files transferred through instant messaging applications)
Script Shield — Scans webpages for malicious scripts, and disables them from infecting your computer, though they can still be used. (for example, a clickable button)
Network Shield — Basic protection against well-known network worms. Acts as an Intrusion Detection System.
Behavior Shield — Reports suspicious behavior by analyzing the behavior of programs.

Those are the “old” Avast shields and the three I quoted are now in the “new” Web shield.

As I understand the first two in the quotation do everything in the domain of the web browser (http protection, URL blocking, scanning, script scanning on websites etc.).

But the “old” Network shield - I would like to know what exactly it does nowadays in Avast. Only web browser based stuff or not? The well-known network worms, how can I get infected with them, only through the web browser or somehow else too (how?)? Can you please explain what does it do as an Intrusion Detection System? How exactly is the Network shield protecting the computer?

If anyone knows, or if the Avast team replies, I’ll be really happy. :slight_smile:

Thank you!

See http://www.avast.com/faq.php?article=AVKB89#idt_08

What exactly do you want to know? ???
By “intrusion detection system” do you mean HIPS? ???
HIPS explained here.
If you do mean HIPS you will need to get a firewall with HIPS.
For firewall information click here.

I use Comodo Firewall w/D+ v5.12
Comodo Firewall download link.
Instructions on how to install CFW can be found here. Use caution to “not” install the Comodo antivirus.

I would like to know what exactly does the “old” Network shield do in Avast now (as a part of the Web shield). Only web browser based stuff or not? The well-known network worms, how can I get infected with them, only through the web browser or somehow else too (how?)? Can you please explain what does it do as an Intrusion Detection System? How exactly is the Network shield protecting the computer? I can’t find the answers in the FAQ.

The well-known network worms, how can I get infected with them, only through the web browser or somehow else too (how?)?
Mail and infected removable drives .... usb hdd / usb stick / camera card / P2P ......

Worm http://en.m.wikipedia.org/wiki/Computer_worm / http://usa.kaspersky.com/internet-security-center/threats/viruses-worms

Lots of info if you google…

As far as I know it’s the File System Shield that protects from those. Thank you all guys for your answers, I really appreciate it but I think only the Avast team can give me the detailed/technical answer about the Network shield. If they do, great, if they don’t, I’ll live. :slight_smile: Again, thank you!

@ Bellzemos
I’m not sure if they would give any detailed ‘technical’ answer that may help others, competitors or those seeking to avoid detection.

Re. your assumption that because you only view email through your browser you don’t need the Mail Shield.

I would say you do as the Mail Shield could be the first indication that your system has a malware problem, either hidden or undetected spambot. I would go further and say you should set the Mail Shield at its highest setting for Sensitivity > Heuristics.

Remember having the Mail Shield enabled, doesn’t use any additional resources unless it is actually scanning email.

Same applies for the Web Shield, but for the HTTP and HTTPS protocols.

Note that these protocols are not web-browser exclusive, meaning that any application including malware could use them to download / upload data over HTTP / HTTPS.
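Added illustration (not part of the thread and not Avast code): a sketch of the protocol-level scanning described in the two replies above, where traffic is classified by protocol rather than by which program sent it, and a signature is still caught when it straddles two network chunks. The signature table, function names and sample traffic are all constructed for this example.

```python
# Constructed signature: a harmless substring of the EICAR anti-virus test file.
SIGNATURES = {"EICAR-Test-File": b"EICAR-STANDARD-ANTIVIRUS-TEST-FILE"}
MAX_SIG = max(len(s) for s in SIGNATURES.values())

def classify(first_bytes: bytes) -> str:
    """Guess the protocol from the first payload; the sending program is irrelevant."""
    head = first_bytes[:16].upper()
    if head.startswith((b"GET ", b"POST ", b"HEAD ", b"HTTP/")):
        return "http"
    if head.startswith((b"EHLO", b"HELO", b"220 ")):
        return "smtp"
    if head.startswith((b"+OK", b"USER ")):
        return "pop3"
    if head.startswith(b"* OK"):
        return "imap"
    return "other"

class StreamScanner:
    """Scans one direction of a proxied connection, chunk by chunk."""
    def __init__(self):
        self.protocol = None
        self.tail = b""  # last MAX_SIG-1 bytes already seen

    def feed(self, chunk: bytes):
        if self.protocol is None:
            self.protocol = classify(chunk)
        if self.protocol == "other":
            return None  # not a protocol this sketch proxies
        window = self.tail + chunk  # overlap catches split signatures
        for name, sig in SIGNATURES.items():
            if sig in window:
                return name
        self.tail = window[-(MAX_SIG - 1):]
        return None

def scan_connection(chunks):
    """Return (protocol, signature name or None); stops at the first hit."""
    scanner = StreamScanner()
    for chunk in chunks:
        hit = scanner.feed(chunk)
        if hit:
            return scanner.protocol, hit  # a real proxy would abort here
    return scanner.protocol, None

# Constructed traffic: an HTTP download by any program, signature split in two.
HTTP_SPLIT = [b"HTTP/1.1 200 OK\r\n\r\nxxEICAR-STANDARD-", b"ANTIVIRUS-TEST-FILExx"]
POP3_CLEAN = [b"+OK POP3 ready\r\n", b"Subject: hello\r\n\r\nplain text\r\n"]
UNHANDLED = [b"SSH-2.0-example\r\n", b"EICAR-STANDARD-ANTIVIRUS-TEST-FILE"]

if __name__ == "__main__":
    for sample in (HTTP_SPLIT, POP3_CLEAN, UNHANDLED):
        print(scan_connection(sample))
```

The third sample shows the limit of this approach: traffic on a protocol the proxy does not handle passes unscanned, which is why the replies recommend keeping the File System Shield running alongside it.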

David and Avosec, thank you both. I think I’m going to repair my Avast installation and add back the Mail shield.

You’re welcome.

You also need to realize that 85% of all infections come directly through the internet.
Therefore, disabling any part of your protection that protects from internet related invasions
is a very big mistake and one that you may regret.
Stay safe!