Does Avast SafeZone actually make a difference?

  • SafeZone is a feature in Avast Anti-Virus which is like a virtual machine that only has a web browser. The benefit of this is that it can't be infected with spyware and isn't susceptible to keyloggers. This makes it useful for online banking and other sensitive activities.

    Is there any truth to that? The only thing keeping me from switching to ESET Smart Security is this feature, and Avast's firewall integrates with the Windows firewall. How does SafeZone work?

  • Graham Hill

    Correct answer

    9 years ago

    Yes, this is a well-established technique for secure access to online banking and such.

    The idea is to build a brand new machine from scratch every time you want to log onto your bank, and wipe it afterwards. Because the machine is only on for a few brief moments at a time, and because you do nothing with it apart from visiting your bank, it becomes very hard for spyware or other malicious software to infect it.

    Obviously building a machine from bare metal every time is a pain, so to make this a practical technique you use either a VM, with a fresh copy of the disk image every time you use it (which is the approach SafeZone takes), or a LiveCD.

    It's a good technique, but if you want to switch to a different vendor, you still can, and implement this technique yourself. The easiest way is a LiveCD; a VM is very slightly harder to set up but easier to use. Both are available for free; for example, you can grab an Ubuntu LiveCD from http://www.ubuntu.com/download/desktop or a copy of VMPlayer from http://www.vmware.com/products/player/

    I suggest above that you use a fresh copy of the disk image with the VM; alternatively you can use the same image each time. This is slightly less secure in theory, but still fine for regular use, and makes it simpler. SafeZone defaults to this approach, it appears, with a button to push if you do want to throw away a used image. (Hat tip to @polynomial's comment below for this.)

    Lastly, whether you use VM or LiveCD, one point that people sometimes miss is that you should regularly make sure that you have updated them with the latest security patches.

    +1. I've got a VM on a TrueCrypt volume for exactly this purpose. Mount TC drive, boot VM snapshot, done. Takes about 90 seconds. Whilst the TC volume isn't really required, it does protect me from targeted infection as long as I recognise any malware before I mount the drive.

    To get into the nitty-gritty, I don't think SafeZone is completely wiped; for example, it remembers bookmarks and filled-out forms. Does this make it more vulnerable?

    As I mention, SafeZone does not by default wipe the VM between uses. This makes it _slightly_ more vulnerable; without a lot more analysis of the situation I couldn't say if it makes it too vulnerable.

    If the VM is running inside a host infected with a keylogger, how can the VM prevent the host from recording the keystrokes?
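
The "fresh copy of the disk image every time" approach from the answer above, as an added example that is not part of the original thread and not how SafeZone itself is implemented. It checks the base ("golden") image against a recorded SHA-256 before each session and deletes the per-session copy afterwards; the image path, the recorded digest and the launcher command are placeholders supplied by the caller, and `sha256sum` and `mktemp` are assumed to be available.

```shell
# Added example: one throwaway disk-image copy per session.
# The image path, recorded digest and launcher command are caller-supplied
# placeholders (assumptions), not SafeZone or VMware settings.

# Print the SHA-256 hex digest of a file.
image_digest() {
    sha256sum "$1" | cut -d' ' -f1
}

# Succeed only if the golden image still matches the digest recorded when it
# was last built or patched; a mismatch means it changed outside this workflow.
verify_golden() {
    [ -f "$1" ] || return 2
    [ "$(image_digest "$1")" = "$2" ]
}

# Verify the golden image, copy it into a new private directory and print the
# path of the copy. Nothing is left behind if verification or the copy fails.
new_session_image() {
    local golden="$1" expected="$2" dir
    verify_golden "$golden" "$expected" || return 1
    dir=$(mktemp -d "${TMPDIR:-/tmp}/vm-session.XXXXXX") || return 1
    chmod 700 "$dir"
    cp -- "$golden" "$dir/disk.img" || { rm -rf -- "$dir"; return 1; }
    printf '%s\n' "$dir/disk.img"
}

# Discard a session copy. Refuses any path that is not a session copy, so the
# golden image can never be deleted by mistake.
end_session() {
    case "$1" in
        */vm-session.*/disk.img) rm -rf -- "$(dirname -- "$1")" ;;
        *) return 1 ;;
    esac
}

# One full session: fresh copy, run the launcher on it, always clean up.
# Usage: run_session GOLDEN_IMAGE RECORDED_SHA256 LAUNCHER [ARGS...]
run_session() {
    local golden="$1" expected="$2" img rc=0
    shift 2
    img=$(new_session_image "$golden" "$expected") || {
        echo "golden image missing or modified; not starting" >&2
        return 1
    }
    "$@" "$img" || rc=$?
    end_session "$img"
    return "$rc"
}
```

After applying security patches to the base image, record its new digest, otherwise every later session is refused.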

Licensed under CC-BY-SA with attribution


Content dated before 7/24/2021 11:53 AM