SafeOnline and Avast! Virtualization

Discussion in 'Prevx Releases' started by BoerenkoolMetWorst, Dec 10, 2010.

Thread Status:
Not open for further replies.
  1. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    3,764
    Location:
    Outer space
    Hi,

    I was testing the new Avast 5.1 beta (Internet Security version), on the same system I have Prevx Facebook installed, and when I opened a virtualized/sandboxed browser Prevx SafeOnline seems to work correctly, tab is there, shows correct IP etc. Tried it with both IE9 and Opera 10.63. I never tried Avast's virtualization together with SafeOnline so maybe it was always compatible but I'm curious to know of really all of SafeOnline's protection under the hood is still working or it just seems too.
     
  2. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,363
    Location:
    Sweden
    Test Prevx against Spyshelters or Zemanas keylogger and you'll have your answer - that's if you're on x64 OS. In 32-bit OS you could also use the same tools to check if you're protected against screengrabbing etc.
     
  3. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    3,764
    Location:
    Outer space
    I did, with the spyshelter test tool and the protection works fine, but that doesn't mean all of SafeOnline's protection like protecting cookies, browser process, isolating untrusted browser addons etc also works.

    Does anyone know if it also works with other sandboxes from security suites like Kaspersky for example?
     
  4. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Based on your results with SpyShelter, I would suspect the rest of the Prevx protection is working fine, but that means that Avast's virtualization/sandboxing is not working correctly. Sandboxie's results of blocking Prevx from working in the browser is what a sandbox should do as Prevx has to transmit data out of the browser and modify memory outside of the browser from within the browser. I'd recommend contacting Avast as I suspect they have some leaks within their sandbox if Prevx is able to protect the browser. (Who would have thought... security software can be used as a leaktest :D)
     
  5. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    3,764
    Location:
    Outer space
    Okay, I've posted it on the Avast forum.

    Just tried out kaspersky's safe run, it works partially. When the browser is started the SafeOnline tab works succesfully, antilogging too, however on max protection the green border of Kaspersky gets disabled, perhaps even more than only visual?
    When enabling protection after a sandboxed browser, the tab also appears, but it can't see the website. This is also with Avast btw.
     
  6. Gobbler

    Gobbler Registered Member

    Joined:
    Jul 30, 2010
    Posts:
    270
    What about having two separate installers, one with only the anti-malware components ie.real-time protection/monitoring and clean-up and an another installer with full components?This way people people would have the option to run Prevx with other applications which are known to conflict with SOL.Even a custom installation with the ability to install select components would help.
     
  7. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    3,764
    Location:
    Outer space
    It is possible to install Prevx 3 without SafeOnline, install via commandline and use this command:
    prevxcsifree.exe /prop SECUREB=N
    Of course if your filename is not prevxcsifree.exe replace it with the correct one.
     
  8. Gobbler

    Gobbler Registered Member

    Joined:
    Jul 30, 2010
    Posts:
    270
    Thanks.:)
     
  9. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    3,764
    Location:
    Outer space
    For those interested, I got a reply from Avast:
     
Thread Status:
Not open for further replies.