Tuesday, April 9, 2013

[Review] Avast Internet Security v7


Hello fellows,

Today i decided to review Avast IS (aka AIS), most of you knows the (in)famous free Antivirus and its many features; in this review, i will show you all the aspect of AIS.

Avast's Products Comparison


avast! is a package of applications that aim to protect your computer from a possible virus infection or other malware threat. If you use it correctly, and in combination with other programs such as data backup utilities, it will significantly reduce the risk of your computer being attacked or infected by a virus, and thus the risk of losing important or private data.
Based on the award-winning avast! antivirus engine, avast! antivirus 7.0 contains all of the features you would expect in a modern antivirus program. It incorporates anti-spyware technology certified by West Coast Labs' Checkmark process, as well as anti-rootkit and strong self-protection capabilities, but now provides even faster scanning with improved detection ability. It contains several real-time "Shields" which continuously monitor your email and internet connections and check the files on your computer whenever they are opened or closed.
avast! antivirus 7.0 includes an AutoSandbox so that suspicious applications can be run automatically in a safe, secure environment without the risk of any damage being caused to your system. It also includes the optional avast! WebRep feature, which provides you with information about the content and security of websites that you visit based on ratings provided by the avast! user community.
avast! Internet Security 7.0 offers a number of additional features, including the avast! SafeZone, which allows you to manage your sensitive transactions in a private, secure area, invisible to the rest of your system. avast! Internet Security 7.0 also comes with an antispam filter and built-in firewall.

ok now you have briefly saw what it contains, let 's go for a deeper tour ! :

User Interface

The UI of Avast is quite simple in its use ,  beginners can found what they look for quite easily.
The UI enables you to check the current status of your protection, to adjust the program settings and to launch manual scans.

On the left side of the window, you will see a number of navigation tabs, which can be used to access other parts of the program:

SUMMARY- contains current status information, access to avast! iNews for latest information, statistical and community information.
SCAN COMPUTER - enables you to run a manual virus scan, to schedule a boot-time scan and to view the scan results.
REAL-TIME SHIELDS - provides access to all the shield settings.
FIREWALL - provides access to the firewall settings.
ADDITIONAL PROTECTION - contains the AutoSandbox, Browser protection and Site Blocking features. If you need help, you can use the Remote Assistance feature to enable another person to connect directly to your computer. You can also find the SafeZone and Sandbox screens and Antispam settings.
MAINTENANCE- to update your program or virus definitions or to access the virus chest.

1- Summary

Current Status
By clicking on the drop-down arrow below your protection status, you can see more details about your protection status:

- Real-time shields: tells you if you are protected in real-time.
Firewall: Tells you if the Firewall is enabled.
- Definitions auto update: This will ensure you always have the most up to date virus definition and that you are protected from the latest threats.
- Virus definitions version :this tells you whether the virus definitions that are used to identify potential threats are currently up to date.
- Program version: this tells you whether you are using the latest version of the program.
- Expiration date: here you can see the date until which your current license is valid.

Cloud Services
Avast heavily rely on its cloud services gaining then redistributing signatures and informations to its users.

- [i]Streaming (real-time) updates [/i]: The streaming updates, will makes sure that new virus definitions are sent to you in real-time, rather than waiting for the next update. As your virus database will be continuously updated, this will give you even more protection against the very latest "zero-days malwares".
- [i]File Reputation [/i]: AIS will check if a file is safe even before it is opened, by checking its database of known files. Whether the file is considered safe or not will be determined by how common the file is among other avast! users, and for how long the file has been in existence

Just a statistic page, that shows you what was scanned by AIS and when.

2- Scan Computer

This tab shows you the various kind of scans available, you can adjust the options of each scan separately.

Quick scan - this will just perform a quick scan of your computer's system volume (usually the C:\ drive on your computer).
By default, only files with "dangerous" extensions are scanned, e.g. files with extensions such as "exe", "com", "bat" etc. Only those parts of the file at the beginning and at the end, where infections are normally found, are tested.

Full System Scan - This performs a more detailed scan of all your computer's hard disks and by default, all files are scanned according to their content, in other words, avast! looks inside every file to determine what type of file it is and whether it should be scanned. The whole file is tested, not just those parts of the file at the beginning or at the end where infections are normally found.

Removable Media Scan- this will scan any removable media that is attached to your computer e.g. USB flash drives, external hard drives etc. It will scan the media to detect potential "auto-run" programs that may try to launch when the device is connected.

Select folder to scan - this option enables you to scan just a specific folder or multiple folders.

You can adjust the options of each scan:

- Scan parameters: 
- Sensitivity: you can adjust the basic sensitivity, which determines how deep the files are scanned, and also the heuristic sensitivity
-Packers: you can specify which types of archive file are checked when scanning.
- Actions: you can specify the action that should be taken automatically whenever a virus, potentially unwanted program (PUP), or suspicious file is detected.
- Performances: Here you can adjust the priority of the scan when system resources are also needed by other applications and also you can configure the "persistent cache settings". AIS can store information about files that are verified as clean and this information can then be used to speed up future scans
- Report file: you can create a report of the scan results.
- Exclusions: Here you can enter or modify locations that should not be scanned
- Scheduling: you can schedule a scan to run once, automatically on a given day and time, or to run regularly on a daily, weekly or monthly basis.

Boot-Time Scan
One of my favorite feature of Avast, it is possible to start a scan automatically when the system restarts (when the computer "boots"), before the Operating System is active. This is useful if you suspect that a virus may have been installed on your computer, as it will enable the virus to be detected before it is activated and before it can do any damage to your computer.

Scan Logs
This tab will just displays a list of all scans that have been run and the their results.

3- Real-Time Shields

The prevention  parts of AIS, this nicely made tab will shows you all the available modules most of them contains many options that allows the users to tighten their configuration.
The real-time shields are the most important part of the program, as they are working continuously to prevent your computer from becoming infected. They monitor all your computer's activity, checking all programs and files in real-time - i.e. at the moment a program is started or whenever a file is opened or closed.
Normally, the real-time shields start working automatically whenever your computer is started. The presence of the orange avast! icon in the bottom-right corner of your computer screen tells you that the real-time shields are working. Any of the shields can be turned off at any time, but this is not normally recommended as it may reduce the level of your protection. If any of the shields is turned off, you will see a warning message whenever you open the user interface telling you that your computer is not fully protected (if one or more shields are turned off) or "Unsecured" (if all the shields are turned off).

File System Shield
It checks any programs at the moment they are started and files at the moment they are opened/closed. If something suspicious is detected, the file system shield will prevent the program/file from being started/opened to prevent any infection to your computer and data.

Mail Shield
This Shield checks incoming and outgoing email messages and will block any messages containing a possible virus infection from being accepted or sent by the user.

Web Shield
It protects your computer from malware while using the internet (browsing, downloading files, etc). It will detect and block known or potential threats coming from the web (hacked websites infected with malicious code). If a virus is detected while downloading a file, the download will be stopped to prevent the infection from reaching your computer.

P2P Shield
It checks files downloaded using common file sharing programs.

IM Shield
It checks files downloaded by instant messaging or "chat" programs. Nothing revolutionary there :D

Network Shield
It monitors all network activity and blocks any threats that are detected on the network. It also blocks access to known malicious websites based on the avast! database of infected URLs. This shield has no options.

Script Shield
It detects malicious scripts and prevents them from being run. The script shield will detect and block not only malicious scripts coming from the web (remote threats) but also scripts coming from other sources, such as web pages saved to disk or in the browser cache (local threats).
Unlike the "web shield", the script shield can also detect and block malicious scripts that come from HTTPS (encrypted) connections.

Behavior Shield
The Behavior Blocker of AIS. It monitors all activity on your computer and detects and blocks any unusual activity that might indicate the presence of malware. It does this by continuously monitoring your computer's entry points to identify anything suspicious.

For me, this shield is one of the modules that needs a real improvement, it has a tendency to block some very well known processes that are truly legitimate; in my case, it blocks an IDM process, making it crashes until i found out why.

4- Firewall

The firewall monitors all communication between your computer and the outside world and blocks unauthorized communication based on a number of "allow" and "deny" rules. In this way, the firewall can prevent sensitive data from leaving your computer and can also block attempted intrusions by external hackers.

Firewall Settings
Three security levels are available:

Home/low risk zone - suitable when using your computer as part of a home/private network. If this setting is selected, the firewall will allow all communication with the network.
Work/medium risk zone - suitable for when your computer is connected to a wider public network, including direct connections to the internet. This is the default setting and if selected, the firewall will allow communication in and out only if allowed by the "Application Rules". If no rule has been created, you will be asked to confirm whether or not communication with a particular application should be allowed.
Public/high risk zone - suitable when using your computer to connect to a public network and where you want to ensure the maximum level of security. This is the most secure setting and if selected, no incoming communication will be allowed, effectively making your computer completely invisible to others. 

Network Connections
This tab just shows you the connections that are currently open, or were open recently on your computer. You can get more details about the specific IP address, or trace the route taken by a piece of data to get to or from your computer.

Application Rules
you can set the communication rules for specific applications. The firewall will then follow the application rule whenever a particular application tries to establish a connection with the Internet or with another network set  as "Friend" or not.

5 types of rules are available:

- Friends out
- Friends in/out
- Internet out
- Friends in and Internet out
- All connections

"Friends out" - is the most secure setting as no incoming connections will be allowed and outgoing communication will only be allowed with networks defined on the Friends page in the expert settings.
Connections to the Internet automatically include connections to Friends. For example, "Internet out" automatically includes "Friends out". If "Friends in and Internet out" is selected, outbound connections to the Internet will be allowed, plus both inward and outbound connections with Friends. If "All connections" is selected, all incoming and outbound connections will be allowed.
You can further specify how to deal with connections above the selected level, for example, if an incoming connection from the Internet is detected, but the access level is set only to "Internet out":
"Block" -  such connections will never be allowed.
"Auto-decide" -  the connection will normally be allowed, however any suspicious connections will be automatically blocked. This will be based partly on a large white-list database of safe applications maintained by avast!
 "Ask"  -  you will see a message asking you to confirm whether or not the connection should be allowed.

Network Utilities
Here you can find out more information about specific IP addresses and you can also see a map of the route (similar to "Traceroute") that a piece of data packets takes to get to or from your computer.

IP details:

Traceroute: (example taken from my location)

Firewall Logs
A basic connection/activity log viewer, nothing exciting here... :D

5- Additional protection

This section lists all additional features available in AIS

AIS includes a fully integrated antispam filter to detect unwanted email.

The avast! antispam filter analyses all incoming email based on various criteria to determine whether it is legitimate. This analysis is based partly on a "blacklist" containing the addresses of senders from whom emails should always be marked as spam, and a "whitelist" which contains the addresses of known and trusted senders.

The avast! Sandbox is a special security feature that allows you to browse the web, or manually run another application, in a completely safe environment, isolated from the rest of your system.

AIS' sandbox is fully virtualized (like Sandboxie or Comodo's Sandbox)

This is especially useful when visiting potentially infected websites, or if you suspect an application may be infected - you can run the program (or your web browser) inside the sandbox to determine whether or not it is safe, while remaining completely protected against any malicious actions that it may try to carry out.

By default, if an application is started and avast! detects anything suspicious, it will automatically run the application in the Sandbox.

The "banking mode" of AIS, the SafeZone, you will use it via a special interface and browse the net with a modified version of Chromium browser.

Allows you to browse the web in a private, secure environment, invisible to the rest of your system. For example, if you do your banking or shopping online, or other security-sensitive transactions, you can be sure that your personal data cannot be monitored by spyware or key-logging software. If you go to a banking site which is recognized by avast, you will be automatically prompted to use the SafeZone browser for your online transactions. Unlike the avast! Sandbox, which is intended to keep everything contained inside so that it cannot harm the rest of your system, the avast! SafeZone is designed to keep everything else out.

Browser Protection
Here you can specify whether your web browsers should always be started in the Sandbox, so that you are always protected from any threats from the Internet.
Here you can also enable the WebRep feature and the Phishing filter, if they are available for your browser.

Remote Assistance
The remote assistance tool enables you to give another person remote access to your computer or provide remote help to another person. This can be useful if you are having any difficulties and you want another person to take control of your computer to help resolve the problem.

Not to say, don't allow allow any incoming assistance from someone you don't know ;)

Site Blocking
The parental control of AIS, you can enter the URLs of any websites that must be blocked so that they cannot be viewed in any browser. This feature can be used to block access to sites that you do not want children or other users to be able to access.

6- Maintenance

This tab gives you access to some maintenance options including:

- Updates: shows you the relevant informations about the signatures & program updates.
- Subscription: shows you your subscription status, days left, etc... you can renew your subscription here.
- Virus chest: the quarantine of AIS

7- Basic Settings

most of AIS options not related to the various modules are displayed here:

Final Notes

Avast IS is a very complete suite that will satisfy the needs from the beginner users to the advanced ones.
Its wide choice of options and modules afford a complete security of the principle layers of your system.
Not to say if set and used properly, AIS will gives you a very strong protection.
I hope the cons will be fixed in the future, AIS deserve its rank of topnotch solution.

I rate this products 4/5

Guide for Maximal security

thanks for reading.


No comments:

Post a Comment