Avast Network Shield--not needed?

Discussion in 'other firewalls' started by nmaynan, Mar 8, 2008.

Thread Status:
Not open for further replies.
  1. nmaynan

    nmaynan Registered Member

    Joined:
    Mar 2, 2008
    Posts:
    98
    Is the Avast Network Shield module (that comes with the Free Avast Antivirus download) redundant (i.e., not necessary) if one is running a firewall?

    Or does the Network Shield filter some stuff the firewall doesn't?

    I'm wondering if I can disable this module with the idea that it's not doing anything that my firewall isn't already doing. I'm using Online Armor firewall (HIPS deactivated) if it matters.
     
  2. ThunderZ

    ThunderZ Registered Member

    Joined:
    May 1, 2006
    Posts:
    2,459
    Location:
    North central Ohio, U.S.A.
    Depending on your FW, built in HIPS(?) I would say it is still necessary. Basically the FW allows through what you click on. The "Shield" checks what the FW allows.

    I do not run the Network shield but do run the Web Shield as well as a HIPS based Web Shield and FW.
     
  3. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Hi,

    With Comodo the ping on speed test net increases with 150ms, the avast web scanner is increase of 30 and the Avast network module 5ms or so.

    Avast NIDS (network moduel) checks on a limited numer of network worms and I doubt whether you would notice this in normal surfing.
     
  4. Matern

    Matern Registered Member

    Joined:
    Nov 20, 2007
    Posts:
    102
    http://www.avast.com/eng/whats_new_in_avast_v.html#2

    It is a Filter-Proxy for known Trojans and Worms.
    Network Worms can increase themself, without use other Software. So the Network Filter scans "outside" the normal Traffic.
    The difference : Web-Shield scans inside the Traffic.

    I you need this ?
    Maybe
     
  5. Wordward

    Wordward Former Poster

    Joined:
    Jan 12, 2007
    Posts:
    707
    Keese1958. is that ping increase for Comodo high for any app? Or doesn't it make much of a difference? I never experienced any browser slowdowns when using Comodo and Avast together and having Avast's Web Shield and Network Shield enabled. However, I'm still curious. Thanks.
     
  6. nmaynan

    nmaynan Registered Member

    Joined:
    Mar 2, 2008
    Posts:
    98
    I tend to keep the Web Shield turned off because I don't like running things through proxies.

    Does this impact whether I should surely run the Network Shield or not (or is it irrelevant)?

    I'm a careful browser.
     
  7. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    I'd say it's not needed.
     
  8. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    For normal usage you won't feel the difference (max 200 milli seconds), point I was making that Avast webshield and network shield cause very little delay.
     
  9. innerpeace

    innerpeace Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    2,095
    Location:
    Mountaineer Country
    The way I understood it was that if you didn't have a network or more than 1 computer hooked through a router, you didn't need it.
     
  10. FadeAway

    FadeAway Registered Member

    Joined:
    Apr 6, 2007
    Posts:
    270
    Location:
    USA
    These avast! forum topics provide some explanation:

    Thread1
    Thread2

    If your machine is protected by a firewall that is correctly configured
    to reject unsolicited inbound packets, then I don't believe the
    Network Shield will ever have anything to intercept.
     
  11. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Can some of the FW experts provide me of feedback

    I have a NAT router with SPI on message header level (no DPI), so the network module of Avast will filter packet contents on worms. In that case it is (I thought) a low PC user skill level extra to your protection.

    Thx
     
  12. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Hi,

    From an unexpected corner came the reply

    https://www.wilderssecurity.com/showpost.php?p=1201554&postcount=1

    Read the Egemen said about SPI and DPI

    thx experts for the roaring silence of an unanswered question :p

    My conclusion: my assumption was correct, only practically useless due to the limited detection chance! I am disabling the network shield module
     
  13. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    Why disabling something that doesn't affect anything unless malicious?
    It's like removing airbag from car assuming you won't ever have a car crash (even though airbag is just idling there, doing nothing for whole time). Funny isn't it how nicely car analogy works with computers...
     
  14. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Analogy does work, but in a different way:

    It is like a airbag which will only work in 20% of the collisions at best, but you do not known at which speeds. During driving it slowes down steering. So for protection I trust the safety belts and disabled the airbag.

    When you do not agree with this discuss the contents of the post I am referring to. According to that post there are to many instances/cases where the Network Shield is not able to detect the intrusion. https://www.wilderssecurity.com/showpost.php?p=1201554&postcount=1

    Regards Kees
     
  15. vlk

    vlk AV Expert

    Joined:
    Dec 26, 2002
    Posts:
    618
    The Network Shield in avast provides protection against certain Internet Worms (Blaster, Sasser, Welchia etc.).

    For these worms, it has 100.0% detection rate (it's not "an airbag which will only work in 20% of the collisions at best" as you put it).

    For any other threats, its detection rate is 0.0%.

    It's as simple as that.

    Vlk
     
  16. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    VLK

    Thx for the clarification, does network shield also detects the sasser worm when it is compressed (to mention one of the exceptions of Egemen, i think developer at Comodo), or is this a non existing theoretical situation (compressed internet worms, worms hidden in large data chunks ect)?

    regards K
     
  17. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    It detects the attempt to exploit vulnerable services which are listening for incoming packets (network worm behaviour)
    A properly patched machine and/or a firewall and/or service hardening (no listening ports) make the Avast IDS useless.
     
  18. vlk

    vlk AV Expert

    Joined:
    Dec 26, 2002
    Posts:
    618
    ..until another critical vulnerability is discovered, and you wait for the patch till the next 2nd Tuesday in a month...;)
     
  19. FadeAway

    FadeAway Registered Member

    Joined:
    Apr 6, 2007
    Posts:
    270
    Location:
    USA
    I have never seen it explained that way. Thanks!
     
  20. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    What does the Network Shield stop that a good firewall can't?

    And vlk, if the speed of which Alwil responds to sample submissions is anything to go by, Microsoft could very well beat you guys to the punch anyway. :ouch:
     
  21. vlk

    vlk AV Expert

    Joined:
    Dec 26, 2002
    Posts:
    618
    A firewall is just a "binary" obstruction. I.e. it either lets all traffic in, or it blocks all traffic in (on a given port).

    Sure, if you have no ports open at all, you don't need a Network Shield. But if you're providing some services to the rest of the world, it may become handy one day.

    The tax you pay for running it is very low (it is one of the most trouble-free [components of avast).

    That is not exactly fair. What I mean is that these findings tend to be very volatile. The internal infrastructure (which has been a greatest drag for us in this respect) is being upgraded continously, and we're hiring new staff all the time.

    Things are getting better (and will continue to do so later this year, when new systems will become effective).


    Cheers
    Vlk
     
  22. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    That's an interesting way to look at it. Well, as long as there's a choice whether to install it or not, I suppose I've got no complaints.

    I don't really think it's unfair to say that Alwil's response speed has been stuck in a rut for some time now. I'm not quite sure what to make of it either, to be honest. ESET and Frisk, for example, have their unapologetic, in-your-face, take-it-or-leave-it policy of horrendously slow response time, and I don't know whether you guys are like that as well, or trying to improve but not being very successful at it so far.

    But in the meantime, vlk, could you drop a note by the malware analysts to pay a bit more attention to mass-propagating IM worms? Of the people I've installed avast! for, there seems to be the trend of me making visits every now and then to fix the damage caused by undetected MSN worms. Would be very much appreciated, and thanks in advance.
     
  23. bmora96

    bmora96 Registered Member

    Joined:
    Mar 19, 2008
    Posts:
    5
    Hello there,
    No, Avast's Network Shield feature only checks viruses, it does nothing whatsoever for intrusion attempts. I think firewalls filter better than network shield do.Feel free to drop in queries else further.
    Regards,
    Bmora96
     
  24. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Point taken :)
     
Loading...
Thread Status:
Not open for further replies.