Does AVG Anti-Spyware now do this?
duke1959
February 4th, 2007, 12:39 PM
What's written below was taken off the old Ewido website, and it made me wonder. Does AVG AS now do this since taking over Ewido?
As written on the Ewido Website.
Daily signatures ensure the necessary real-time required updates and heuristic analysis detects unknown malware. In the new version of the ewido security suite, which is scheduled for release early in 2006, malware will also be detected on the basis of its behaviour through the integration of a host-based intrusion prevention system (HIPS). The three-level protection will provide an even higher degree of security.
lucas1985
February 4th, 2007, 02:38 PM
I think that "malware will also be detected on the basis of its behaviour through the integration of a host-based intrusion prevention system" means code emulation.
Chuck57
February 4th, 2007, 02:40 PM
Malware covers a lot. Does it also deal with viruses, trojans, worms, etc?
EASTER.2010
February 4th, 2007, 10:50 PM
I installed AVG 7.5 once again tonight. It is a good program IMO and never has made for any anxious moments on my PC. The only item I need to watch is the "Guard". It is so efficient that it will "Lock" a known malware where when you click it the file will refuse to respond. That is a built-in security feature that does a computer good.
I terminate it ONLY in order to launch my malware files, otherwise they are frozen stiff and will not start at all. That is solid protection with a capital "P"!
duke1959
February 5th, 2007, 10:26 AM
Hey EASTER.2010, how goes it? LOL. I reinstalled the AVG Antispyware Component in my Internet Security Suite after reading what you posted above. I do wonder though if Grisoft definitely implemented the behavioural HIPS into AVG AS? It doesn't mention anything about this on their website. If you look on the a squared anti-malware website however, they go into great detail about their IDS realTime Prevention. You would think if AVG AS offered what Ewido had planned in early 2006 with the HIPS it spoke of, that Grisoft would be advertising the fact. This is what makes me wonder if they ever did it.
TopperID
February 5th, 2007, 12:24 PM
The A2 Guard and the AVG-AS Guard are entirely different products. The AVG-AS Guard is a signature scanner looking for known malware types, similar to an AV, there is no question of behaviour analysis or IDS. What the future holds I cannot know, but for the present the Guard does what I require and it is the only security measure on my box that I never disable - no matter what I'm installing. If you run something the Guard will scan it - so even if you make a mistake with your execution protection, at least you have another chance to stop the baddie.
duke1959
February 5th, 2007, 01:21 PM
So TopperID, are you saying AVG AS also doesn't even use Heuristics in RealTime? I know it has it for On Demand scanning as the Grisoft website indicates. I just wonder then if it doesn't, why they never implemented what Ewido apparently was going to in early 2006 with Heuristics and HIPS? It is clear that was the plan as I posted above right off the website of Ewido.
TopperID
February 5th, 2007, 02:38 PM
-{ Quote: "So TopperID, are you saying AVG AS also doesn't even use Heuristics in RealTime?" }-
Only someone from the Company can say for sure, but I believe that it does not have the same Heuristic component realtime that it does 'on demand'. Indeed the quote you give states that "real-time required updates and heuristic analysis detects unknown malware". It doesn't actually say that the heuristic analysis is real-time, just the updates; though I agree it is confusing use of language.
Some AVs give you the option to configure the level of heuristics in the Guard differently from the demand scanner. Typically you would wish for lower heuristic levels in the Guard, to avoid fp problems. The fact the demand scanner can be configured more tightly is one of the reasons why demand scans can be useful. The fact that the AVG-AS Guard configuration does not refer to heuristics, while the demand scanner does, leads me to conclude that the latter is using a function not available to the former.
As to HIPS, I'm beginning to wonder if this was a reference to the enhanced analysis section, which enables you to check on various aspects of your system, TCP connections, LSPs, Autoruns etc. You have various possibilities to remove, repair, delete, terminate etc not generally available; for example you can terminate multiple processes simultaneously (with use of Ctrl or shift keys) and you can't do that with Task Manager!
duke1959
February 5th, 2007, 10:15 PM
Thanks TopperID, very informative, and also very much appreciated.
EASTER.2010
February 8th, 2007, 11:31 PM
-{ Quote: "The A2 Guard and the AVG-AS Guard are entirely different products. The AVG-AS Guard is a signature scanner looking for known malware types, similar to an AV, there is no question of behaviour analysis or IDS. What the future holds I cannot know, but for the present the Guard does what I require and it is the only security measure on my box that I never disable - no matter what I'm installing. If you run something the Guard will scan it - so even if you make a mistake with your execution protection, at least you have another chance to stop the baddie." }-
Indeed, and does it very well. When I first installed it some months ago and began noticing some of my confinement files wouldn't launch I became suspicious at first, then I traced the root cause to the "Guard". It is as you say a "security measure" that is very welcome indeed IMO.
duke1959
February 9th, 2007, 01:03 AM
Just saw your post here EASTER, and I see more now the possible need for both PG Free and AVG AS. If I'm understanding right, let's say a fast clicker like myself lets something execute by accident with PG Free, then AVG AS would most likely alert me, correct?
duke1959
February 27th, 2007, 08:42 AM
Here's what I received as an answer from Grisoft at least about the RealTime Heuristics. And a very fast one at that. Only took 1 day.
Dear Sir/Madam,
Thank you for your email.
If "Use Heuristic Analysis" option is enabled in the AVG Resident
shield settings, it's applied to both the real-time anti-virus and
anti-spyware protections.
Heuristic analysis can be enabled/disabled as follows:
- open AVG Control Center
- double click on the Resident Shield component
- tick/untick "Use Heuristic Analysis"
- confirm the dialog by OK button
TopperID
February 27th, 2007, 10:43 AM
The answer given does not apply to the AVG-AS standalone product, since you do not have a "Use Heuristic Analysis" option in the AVG-AS Resident shield settings! :'(
You only have it in the 'demand scanner' settings.
So I'm afraid Grisoft are describing an entirely different product. >:(
Maybe they should take a little longer over their answers and think them through more carefully in future - assuming your question was posed accurately of course! :P
Perman
February 27th, 2007, 11:07 AM
Hi, folks: You are right, TopperID. I think the reply from Grisoft is probably referring to another product, AVG Anti-Malware, which includes AVG AV and AS. If it is true, I am truly saddened by this unfortunate mixup of their own making. You got to know your own products before giving any advice to your clients. ;D
duke1959
February 27th, 2007, 02:09 PM
Yeah you got to know your own products before giving any advice to your clients, so it isn't my fault TopperID. LOL. I did forget to mention in my post that I had asked them this question regarding my AVG ISS. I would however, think it would also still be used in the AVG AS Guard, right? I will ask them and get back to everyone about it.
Firecat
February 27th, 2007, 02:49 PM
-{ Quote: "Yeah you got to know your own products before giving any advice to your clients, so it isn't my fault TopperID. LOL. I did forget to mention in my post that I had asked them this question regarding my AVG ISS. I would however, think it would also still be used in the AVG AS Guard, right? I will ask them and get back to everyone about it." }-
AVG AS is designed by a different team, therefore the options in the AS guard are not the same as the options in AVG Anti-Malware and ISS....
Perman
February 27th, 2007, 03:09 PM
Hi, folks: In other words, AVG AS could become an orphan eventually? Less and less work will be poured into AVG AS, while AVG Antimalwares and others will get all the juices they desire? :-[ I notice that reps from ex-Ewido are making fewer and fewer appearances here at their forum, is this Ewido official forum still on their agenda at all? ???
duke1959
February 27th, 2007, 08:18 PM
I have sent the question of whether or not AVG Anti-Spyware also uses Heuristics for RealTime detection. I even asked them about the plans that Ewido had back in 2006 for Behavioral HIPS detection.
duke1959
February 28th, 2007, 08:19 AM
This is the latest response from Grisoft about my original post.
~Private e-mail removed....Bubba~
They are saying any product with the Antispyware uses Heuristics and HIPS. Strange this isn't mentioned on their website, as it would most likely help sales. It does of course mention "Cutting Edge Technology" for spyware detection. I must add that the response was very quick.
KikiBibi
February 28th, 2007, 07:17 PM
Duke,
I'm told by ewido team that:
The heuristic function of the AVG Anti-Spyware is currently available only for
the on Demand scanning.
You should email ewido instead of Grisoft. :D
Hope this clears things up for you.
duke1959
February 28th, 2007, 07:41 PM
Well I gotta say KikiBibi, that after looking at the actual response again it did seem a little less clear than I had originally thought. I believe they are just saying that any of the AVG AS products use the same detection system to find and identify spyware. They are also saying that the HIPS and RealTime Heuristics analysis should currently be running in the AVG AS scanning engine. Scanning engine could mean each file as it is opened, but now with what you are saying about Ewido's response I don't know. Oh well maybe some other people will chime in with help on this. It was also said that some changes have already been implemented, and to stay tuned for new changes to come.
duke1959
March 1st, 2007, 11:13 AM
I will put this question to karl.ewido as I see he is responding in this forum and may know the answer. Does AVG Anti-Spyware use Heuristics and any type of HIPS in RealTime? I have received a yes to this question from a Grisoft Rep recently, but as posted earlier by another member of Wilders who has Ewido AS, according to the ewido team it only uses Heuristics for on demand. I mean no disrespect here, but I believe this is important information for all AVG users and needs to be clarified as soon as possible. So if you could help with the correct answer it would greatly be appreciated.
duke1959
March 7th, 2007, 11:24 AM
I now learned there are no Heuristics used for RealTime Detection. They are only used for On Demand.
Firecat
March 8th, 2007, 07:02 AM
-{ Quote: "I now learned there are no Heuristics used for RealTime Detection. They are only used for On Demand." }-
Yep, no HIPS either. I believe I did catch AVG Anti-Malware detecting a trojan by heuristic detection in real-time (Ewido-style, the naming was definitely Ewido), but no signs of any HIPS.
Copyright ©2002 - 2012, Wilders Security Forums