I need help understanding AIS Firewall working mechanism

Hello everybody,

Thanks to GakunGak ( http://www.youtube.com/watch?v=GxG1RwUeo38 ) for the special test ( you can download this test from: http://loombo.com/sy3ae3lc6fsz) that I requested, and he did it. He reviews software on Youtube. I wanted to see what will happen if we pause all shields except Behavior shield and firewall. As you will see in the test, there is no prompt from AIS Firewall and Behavior Shield during the test. The machine was infected and I strongly believe that the infections were opening connections to outside. The firewall acted like Windows Firewall. I am not sure if the firewall protected or not. Please can you help me understand why AIS didn’t show any firewall alert? (By the way I would like to have a behavior shield like ThreatFire and SONAR of Norton)

Thank you

ilker

I fail to see the validity of such tests where you cripple the security to run a test to prove a point in what is not a standard installation. The suite is integrated to provide overall protection, the firewall isn’t designed to be a stand alone application.

If this tester user was also using a 64bit OS for this pseudo-test, then currently the behaviour shield whilst running has no 64bit rules/filters, so if you are testing behavioural blocking it is as much use as a chocolate ashtray. Avast 5.1 is as far as I’m aware going to include 64bit rules and more for the 32bit OSes.

I don’t use the suite, so I can’t say how the outbound checking occurs in the firewall component of the suite.

I know, in a normal installation I install everything and there is no reason to do the opposite. This was a special test to see if avast will give a firewall alert and how the alert looks. If all the shields were enabled, avast would not let the pc get infected. I didn’t mean that it could not have protected the pc because I already wanted this. I ask: Why didn’t avast show any alert and gave automatic access to them? If you know the answer please write here instead of criticizing the validity of the test.

If you want to see notifications of programs connecting to the web set the firewall to “Ask” and you’ll see a ton of pop ups.
Of course you have to agree or deny to them.

Martin.-

The firewall in AIS is mainly to prevent identity theft I believe. Its main purpose is to block hacker attacks and prevent sensitive data from leaving your computer. It also blocks exploits. So I don’t think it deals with malware. Network based attacks are blocked by the network shield. Normal malware is covered by the other shields (like file system shield and web shield). I’m not too sure about the behavior shield, it’s in development.

Thank you for answer

I agree with you. I guess it is designed to stealth ports and block attacks coming from the net. I would like to see a reply from the avast team if this is a support forum.

Hi Ilker,

Avast Firewall is not a standalone product. It works in a team with the antivirus and other shields. Yet, you are right, other shields can be turned off. Let’s analyze the test then.

This is how I see it: you (the tester) deliberately downloaded some program from the Internet. Antivirus shields are off, so we must assume this is not a virus; also we can see that the user downloaded the application by clicking on the link, it was not a browser hijack, exploit, drive-by-download, etc., and then the user executed the downloaded program. Since it is not a virus and the firewall is configured not to ask, I assume it is pretty correct to let the program start and configure the rules for it. Next time, if the user is not satisfied, he can modify the rules and limit the network access for this specific new software he has just downloaded, if he wants.

If the user wants to be in control for every newly started program, there is an option to switch the firewall to the “ASK” mode, which might make sense after some time, when most of the frequently used programs are already configured and the potential hassle of being asked too much is smaller.

Lukas.

yeah, a firewall is not an anti-malware tool: there’s a difference between something installed silently and attempting to connect and something you deliberately downloaded while the firewall was set on auto-decide, and will obviously allow an outbound connection later on for the application. Comodo does the same.

Thank you very much for your explanation.

Best Regards,

ilker

Hello, forum.
It was me who did the test. I got a request to do a test with specific instructions.
And so I did. OS was Windows XP SP3 32bit W 512MB RAM. I am NOT a professional tester but I do tests, just recently started recording them… What I do is take default settings after install, try not to change anything, but because of the request, I did disable components of Avast.
You have seen the video, and since avast was on automatic mode, how did avast handle requests to the internet? Did it automatically allow or reject them from an unknown program?
I did not put this video on youtube because the test is not fair to others and its components got disabled. I will test avast very soon with default settings and all components enabled by default, and after rounds of default installations pass for all products, a new round will begin with maximum settings possible.

My respect to all of you,
GakunGak :)

Hi, Tech brought up an interesting point in his other thread:

Lukas, does this mean that the avast Firewall depends on the antivirus for outbound protection?

Good point.

Hi, indeed, when checking if some specific executable is malware or not before allowing its traffic or blocking it, the firewall depends on the antivirus. Duplicating such features in the firewall itself wouldn’t make any sense. However the firewall has also its own whitelist and blacklist that helps the “auto-decide” routine to create the rules.

As I understand it, let’s say there is one file that wants to connect to the internet, so the avast firewall will check the white/black list and consult the avast antivirus and behavioral shield. If everything is okay, it will create a rule and allow access. But if we discover that the file is malicious we can block the access manually.
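A small model of the decision flow summarised above, as an added illustration and not avast’s own code: the lists, the `av_detects` stand-in and the rule order are constructed assumptions, chosen to show the case the thread worries about (an executable the antivirus misses is allowed in auto mode but prompted for in “Ask” mode).

```python
from enum import Enum

class Decision(Enum):
    ALLOW = "allow"   # rule created, traffic permitted
    BLOCK = "block"   # rule created, traffic denied
    ASK = "ask"       # user is prompted (only in "ask" mode)

# Constructed sample lists; the real firewall lists are not public.
WHITELIST = {"opera.exe", "svchost.exe"}
BLACKLIST = {"known_bad.exe"}
# Stand-in for the antivirus verdict: names the antivirus "detects".
AV_SIGNATURES = {"known_trojan.exe"}

def av_detects(exe: str) -> bool:
    """Hypothetical antivirus check the firewall consults before deciding."""
    return exe in AV_SIGNATURES

def auto_decide(exe: str, mode: str, rules: dict) -> Decision:
    """Model of the 'auto-decide' routine described in the thread.

    Assumed order: existing rule -> blacklist -> whitelist -> antivirus -> mode.
    In auto mode the decision is stored as a persistent rule for the executable.
    """
    if exe in rules:                       # a rule already exists: reuse it
        return rules[exe]
    if exe in BLACKLIST:
        decision = Decision.BLOCK
    elif exe in WHITELIST:
        decision = Decision.ALLOW
    elif av_detects(exe):
        decision = Decision.BLOCK
    elif mode == "ask":
        return Decision.ASK                # no rule until the user answers
    else:
        decision = Decision.ALLOW          # unknown but "clean": auto mode allows it
    rules[exe] = decision
    return decision

def user_answers(exe: str, allow: bool, rules: dict) -> Decision:
    """In 'ask' mode the user's answer becomes the persistent rule."""
    rules[exe] = Decision.ALLOW if allow else Decision.BLOCK
    return rules[exe]

if __name__ == "__main__":
    # The thread's concern: malware the antivirus does not recognise.
    print("auto mode:", auto_decide("missed_malware.exe", "auto", {}))  # allow
    r = {}
    print("ask mode: ", auto_decide("missed_malware.exe", "ask", r))    # ask
    print("after user blocks:", user_answers("missed_malware.exe", False, r))
```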

You’re supposing people are using the avast antivirus always, or, in other words, the firewall is not standalone.

[quote]
Hi, indeed, when checking if some specific executable is malware or not before allowing its traffic or blocking it, the firewall depends on the antivirus. Duplicating such features in the firewall itself wouldn’t make any sense. However the firewall has also its own whitelist and blacklist that helps the “auto-decide” routine to create the rules.
[/quote]
In which case, if the malware isn’t detected by avast antivirus, isn’t the AIS outbound firewall bound to let it connect (and so is there any point in having an outbound firewall unless it is set to “Ask”)?

Very good point.

Avast documentation states that the firewall uses heuristics as well as the blacklist/whitelist. Is this true?

And also, what if the antivirus does not detect a malicious program? Isn’t the purpose of a firewall to block a threat if the AV misses it? (speaking about outbound protection, not inbound)

Edit: I read more carefully and found this:

By this do you mean that the antivirus checks it before the firewall analyzes it? Sorry, it is kind of unclear to me.

I’m very interested in this thread… Seems we’re knowing better how the firewall works.

See?
All of these reasons are why I set the firewall to ask.
Because even if a file is declared “clean” by the AV and it is not on the firewall’s blacklist, that is no reason for it to connect to the internet, because YOU, the user, might not want it to.
For instance: I use Opera to browse the web and as a mail client (Opera has M2) and it has the Unite services which right now I’m not using, so why would I want the firewall to give Opera the broadest “all connections” status?
I wouldn’t, because on my PC it doesn’t need it. That is why I set it to ask and grant only the access I want.
Of course that means dealing with pop ups and having to learn how the firewall works, BUT if somehow I ever download malware and the AV misses it, it won’t be able to automatically connect to the web.
Just a thought.

Martin.-