Avast! added a feature that let you block websites (i think they released it a year ago):
Additional Protection > Site Blocking
Why not adding another option called “Directory Blocking” which will give you a full control on your computer?
Avast will ask for a password if you try to enter (lets say windows- just block %windir% with a different password than the one entered for Avast).
Deny access completely to directories (if you want to deny access from everyone, even from yourself).
It can be great for other things too (18+ lol…), i don’t see a reason against this idea, in the worst case, you can ignore this option by not activating it, exactly like in the “Site Blocking”.
and you can add more things… like encrypting specific files in the computer using a unique password.
If you prevented access to %windir%, you’d kill the system - you couldn’t start any application, or the system wouldn’t even boot if you did it too early.
Anyway, Windows itself already has exactly such a feature - called “user accounts” / “access rights”. Even the encryption for specific files is there (on NTFS filesystem). So there’s really no point in duplicating such feature in avast!..
Prevent access to %windir% only for userland, not for the system itself.
And by prevent I mean by using a password, or in another way, get logs about who accessed the protected directories including the system itself.
And I don’t think that people use “user accounts”, itsn’t a good alternative (that’s my opinion at least).
Oh an btw, window’s encryption is a total ripoff, im talking about some serious RSA encryption, similar to the one GPcode is using.
You can’t really distinguish between the system and the user here. It’s the user who starts the application - so it’s the user (“his” process) who needs to access the libraries in system folder.
I’d say user accounts is exactly what you’re looking for. It’s hardcoded into the system, i.e. it applies to any possible operation you can imagine - and you just say this user has read access, this one doesn’t… and you’re done.
Btw, asymetric crypto (such as RSA) isn’t normally used for filesystem encryption itself (at least in real systems) - because it’s kinda slow (so it’s limited to key encryption, for example).
itsjustme2, sorry, it wouldn’t be practical like Igor said.
Limited user account will do it.
Anyway, why do you think we need to protect some folders to avoid malware… They really could be elsewhere…
No no i think we aren’t talking about the same thing, maybe im not clear enough.
maybe %windir% was a bad example.
What I meant was to deny access to specific directories (i.e: c:\avast*.*), access will be granted only with the password you’ve entered from the first place, with the option to let certain programs a full access to these
directories without any permission by the user, so they won’t be affected by it.
I don’t think that “User Accounts” is able to perform in this way.
P.S: I’ve seen gpcode encrypting a hard-disk full of data for something like 40seconds, and i didn’t mean encrypting with 1024bit, 256 will be enough as a start.
Limited user won’t be able to access these directories with a password.
It wasn’t meant for malwares, i use site blocking to stop advertisements and its work perfectly.
I think that directory blocking will be a great way to prevent other people who’re accessing your computer from modyfing important files in your computer.
I know that people who’re hacking to other computers often use files encrypted in c:\recycler or just delete the antivirus manually.
Well… Maybe we can think on full system encryption… I hope avast could have this feature.
Right not, you can see TrueCrypt. Nobody will access nothing in your computer…
How is it possible to make a full system encryption? how will the system even work? files will be unreadable, if you encrypt .exe/.bat/etc the system will crash, I was talking about encrypting important files only.
I still don’t understand what is the problem with something like “Avast Control” to request passwords from protected directories.
P.S: Site Blocking is already existing in windows:
just go to %windir%\system32\drivers\etc\hosts and write “IP ADDRESS 127.0.0.1”
browser in these days let you block sites with parental control (existing in almost every web browser, so that’s ok to put in Avast, why isn’t that called as a copy? and people still prefer to use Avast’s control).
Truecrypt (and encryption) are not avast! …
Besides, if avast! stop working, it could be uninstalled. You don’t lose anything… (except time to solve). And seems the user is using avast! free, so he/she even lose money.