Resource use of Network monitor, IM shield and P2P shield

When I start these 3 services the RAM usage doesn’t change at all. Neither are there any new processes. How do these three work? Since they have to be installed they are obviously not included in the Standard or Web shield, so where are they?

BTW: After installing Network shield I had to reinstall Comodo firewall :frowning:

BTW2: If I have a NAT router with a firewall, and use all the shields in avast!, do I then really need a software firewall at all (since the router hides the ports, and avast! scans the programs trying to communicate with the network/im/p2p/mail/web scanners)?

I’m curious to learn too…

I’ve installed, uninstalled, both Comodo and avast… I’ve never had any trouble with these two…

As far as I know, only if you want to monitor, log, etc. the outbound connections.

But won’t the avast! network shield monitor known dangerous outgoing programs (isn’t that what it is doing)? And dangerous programs that do act as servers or send data out without my knowledge should be in the virus database as well (trojans), right? So they should really be detected before they start sending anything, right?

Most of the functionality of these shields is in:

  1. avast! drivers - which are probably loaded anyway, and you don’t see them in RAM usage
  2. ashServ.exe - which is probably loaded anyway (because of the other providers)

The “installed” part of these providers is mostly their GUI (for the On-access scanner console) and a small control module - which has such small memory usage that you probably won’t notice it anyway.

The Network Shield, in my opinion, handles only incoming connections, not outgoing.

So with a NAT firewall (or software firewall) the network shield has no point?

Will the standard scanners in avast! detect trojans that send data out from the system (making the “application monitor” part of a firewall pointless)? I’m looking into whether I really need a software firewall as long as I have a NAT router with firewall and avast!

Basically, you’re right. You can disable the Network shield if you have a firewall. It’s good to have your operating system updated too.
But, like Igor said, at driver level, it won’t take resources if it is on…

Well, sometimes avast will take time to update the signatures and detect the trojan behavior. Layered defense will ask you to get the protection of the firewall and know what is happening in your computer, which parent application is sending data from your computer.

I’m glad my guesses get confirmed 8)

I may be wrong (would not be the first time) but I have assumed that the only real outbound scanning function of avast that really did anything was the outbound scanning of email and the ability of avast (at high setting of the Internet Mail provider) to catch excessive outbound email transmissions.

As for NAT router vs software firewall … I would point you to the oft repeated advice from DavidR in these forums. If an infection gets into your system and starts to send out your bank account passwords, details of your email passwords etc … your NAT router will happily allow them through without the merest hint of upsetting your day. A software firewall with outbound restrictions (unlike the current Windows XP firewall) should be alerting you and seeking your approval for all outbound connections and giving you the chance to wonder why stealingyourpassword.exe would be seeking outbound internet access.

But many experts claim that if a program wants to send data out, it is easy to get past software firewalls anyway, so that is really a false feeling of security. There’s a huge discussion on this in the “firewalls” newsgroup (on Usenet). And that a software firewall will only catch well-behaved applications (and those won’t try anything like that anyway).

If the firewall is not well set… and, indeed, many times this is what happens :cry:

Fully agree. In some computers, with people with some habits, on-demand scanning of spyware/adware and good browsers (and their settings), you’ll be better than using a firewall.

Yes… this is the case many times (for instance, ZoneAlarm).
Because of this, Comodo is receiving better grades in reviews. It tries to monitor non-good-applications behavior :wink:

That may well be true of some firewalls but not all software firewalls. Not every piece of malware, trojan downloader or backdoor, etc. is going to be trying to do this and something in the way of outbound protection is always going to be better than nothing at all.

So if you are happy to leave the door wide open and not even bother to close the door then you have to expect people to use it. A burglar might break in through a window but they often leave through the door. However, it is your system and your choice who to listen to and what to do.

  1. Network, Standard, P2P and IM Shields are implemented inside a kernel-mode driver so you won’t see any RAM usage changes or anything…

  2. RE Outbound protection of firewalls: I dare to disagree on this one. I don’t think it’s a false sense of security, if taken with a grain of salt (as always). It is not very easy to bypass a good firewall with outbound protection - if we’re talking about CLASSIC malware/spambots/backdoors etc. (that is, such a firewall can indeed be a very efficient weapon against those). But of course, it’s almost impossible to prevent leaking of ANY data (except for disconnecting the machine from the network) – for a nice writeup, have a look e.g. here: http://en.wikipedia.org/wiki/Steganography

Cheers
Vlk