Avast Network Shield--not needed?

Is the Avast Network Shield module (that comes with the Free Avast Antivirus download) redundant (i.e., not necessary) if one is running a firewall?

Or does the Network Shield filter some stuff the firewall doesn't?

I'm wondering if I can disable this module with the idea that it's not doing anything that my firewall isn't already doing. I'm using Online Armor firewall (HIPS deactivated) if it matters.

 

Depending on your FW, built in HIPS(?) I would say it is still necessary. Basically the FW allows through what you click on. The "Shield" checks what the FW allows.

I do not run the Network shield but do run the Web Shield as well as a HIPS based Web Shield and FW.

 

Hi,

With Comodo the ping on speed test net increases with 150ms, the avast web scanner is increase of 30 and the Avast network module 5ms or so.

Avast NIDS (network moduel) checks on a limited numer of network worms and I doubt whether you would notice this in normal surfing.

 

http://www.avast.com/eng/whats_new_in_avast_v.html#2

It is a Filter-Proxy for known Trojans and Worms.
Network Worms can increase themself, without use other Software. So the Network Filter scans "outside" the normal Traffic.
The difference : Web-Shield scans inside the Traffic.

I you need this ?
Maybe

 

Keese1958. is that ping increase for Comodo high for any app? Or doesn't it make much of a difference? I never experienced any browser slowdowns when using Comodo and Avast together and having Avast's Web Shield and Network Shield enabled. However, I'm still curious. Thanks.

 

I tend to keep the Web Shield turned off because I don't like running things through proxies.

Does this impact whether I should surely run the Network Shield or not (or is it irrelevant)?

I'm a careful browser.

 

I'd say it's not needed.

 

For normal usage you won't feel the difference (max 200 milli seconds), point I was making that Avast webshield and network shield cause very little delay.

 

The way I understood it was that if you didn't have a network or more than 1 computer hooked through a router, you didn't need it.

 

These avast! forum topics provide some explanation:

Thread1
Thread2

If your machine is protected by a firewall that is correctly configured
to reject unsolicited inbound packets, then I don't believe the
Network Shield will ever have anything to intercept.

 

Can some of the FW experts provide me of feedback

I have a NAT router with SPI on message header level (no DPI), so the network module of Avast will filter packet contents on worms. In that case it is (I thought) a low PC user skill level extra to your protection.

Thx

 

Hi,

From an unexpected corner came the reply

https://www.wilderssecurity.com/showpost.php?p=1201554&postcount=1

Read the Egemen said about SPI and DPI

thx experts for the roaring silence of an unanswered question

My conclusion: my assumption was correct, only practically useless due to the limited detection chance! I am disabling the network shield module

 

Why disabling something that doesn't affect anything unless malicious?
It's like removing airbag from car assuming you won't ever have a car crash (even though airbag is just idling there, doing nothing for whole time). Funny isn't it how nicely car analogy works with computers...

 

Analogy does work, but in a different way:

It is like a airbag which will only work in 20% of the collisions at best, but you do not known at which speeds. During driving it slowes down steering. So for protection I trust the safety belts and disabled the airbag.

When you do not agree with this discuss the contents of the post I am referring to. According to that post there are to many instances/cases where the Network Shield is not able to detect the intrusion. https://www.wilderssecurity.com/showpost.php?p=1201554&postcount=1

Regards Kees

 

The Network Shield in avast provides protection against certain Internet Worms (Blaster, Sasser, Welchia etc.).

For these worms, it has 100.0% detection rate (it's not "an airbag which will only work in 20% of the collisions at best" as you put it).

For any other threats, its detection rate is 0.0%.

It's as simple as that.

Vlk

 

VLK

Thx for the clarification, does network shield also detects the sasser worm when it is compressed (to mention one of the exceptions of Egemen, i think developer at Comodo), or is this a non existing theoretical situation (compressed internet worms, worms hidden in large data chunks ect)?

regards K

 

It detects the attempt to exploit vulnerable services which are listening for incoming packets (network worm behaviour)
A properly patched machine and/or a firewall and/or service hardening (no listening ports) make the Avast IDS useless.

 

..until another critical vulnerability is discovered, and you wait for the patch till the next 2nd Tuesday in a month...

 

I have never seen it explained that way. Thanks!

 

What does the Network Shield stop that a good firewall can't?

And vlk, if the speed of which Alwil responds to sample submissions is anything to go by, Microsoft could very well beat you guys to the punch anyway.

 

A firewall is just a "binary" obstruction. I.e. it either lets all traffic in, or it blocks all traffic in (on a given port).

Sure, if you have no ports open at all, you don't need a Network Shield. But if you're providing some services to the rest of the world, it may become handy one day.

The tax you pay for running it is very low (it is one of the most trouble-free [components of avast).

That is not exactly fair. What I mean is that these findings tend to be very volatile. The internal infrastructure (which has been a greatest drag for us in this respect) is being upgraded continously, and we're hiring new staff all the time.

Things are getting better (and will continue to do so later this year, when new systems will become effective).


Cheers
Vlk

 

That's an interesting way to look at it. Well, as long as there's a choice whether to install it or not, I suppose I've got no complaints.

I don't really think it's unfair to say that Alwil's response speed has been stuck in a rut for some time now. I'm not quite sure what to make of it either, to be honest. ESET and Frisk, for example, have their unapologetic, in-your-face, take-it-or-leave-it policy of horrendously slow response time, and I don't know whether you guys are like that as well, or trying to improve but not being very successful at it so far.

But in the meantime, vlk, could you drop a note by the malware analysts to pay a bit more attention to mass-propagating IM worms? Of the people I've installed avast! for, there seems to be the trend of me making visits every now and then to fix the damage caused by undetected MSN worms. Would be very much appreciated, and thanks in advance.

 

Hello there,
No, Avast's Network Shield feature only checks viruses, it does nothing whatsoever for intrusion attempts. I think firewalls filter better than network shield do.Feel free to drop in queries else further.
Regards,
Bmora96

 

Point taken