why doesn't avast use advanced heuristic detection engine yet?
carioca
July 28th, 2008, 11:12 AM
???
hi, wilders security forums buddies,
I've heard avast doesn't use an advanced heuristic detection engine. Is that true? If this is the truth, when does avast think to change it? Everyone knows the advanced Heuristic detection Engine: it protects against unknown viruses because the most advanced antivirus machine employs the latest heuristic techniques to identify previously unknown viruses and Trojans. 'Heuristics' describes the method of analyzing the code of a file to ascertain whether it contains code typical of a virus. If it is found to do so, then the application will disinfect the file or recommend it for quarantine. This is a quantum leap in the battle against malicious scripts and programs, as it allows the engine to 'predict' the existence of new viruses, even if they aren't contained in the current virus database. This is the formula to be the most efficient antivirus. I expect this truth will shift sooner. As I read in the avast support forum, perhaps only avast 5.0 will proceed with that: "proactive detection (or, rather, prevention of zero day malware) is (as already announced) one of the hottest topics of the new version. But of course, even the current version of avast (4.8) engine contains a couple of methods designed to tackle yet-unknown malware."
best regards.
ps: for the time being, what should I use to be protected against unknown viruses?
8)
ola nordmann
July 28th, 2008, 11:36 AM
I dunno whether Avast lacks heuristics or what, but you can always install a behavioral blocker in addition to your anti-virus, like ThreatFire or Norton Anti-Bot / PRSC.
ellison64
July 28th, 2008, 11:46 AM
{QUOTE-> ???
hi, wilders security forums buddies,
I've heard avast doesn't use an advanced heuristic detection engine. Is that true? If this is the truth, when does avast think to change it? Everyone knows the advanced Heuristic detection Engine: it protects against unknown viruses because the most advanced antivirus machine employs the latest heuristic techniques to identify previously unknown viruses and Trojans. 'Heuristics' describes the method of analyzing the code of a file to ascertain whether it contains code typical of a virus. If it is found to do so, then the application will disinfect the file or recommend it for quarantine. This is a quantum leap in the battle against malicious scripts and programs, as it allows the engine to 'predict' the existence of new viruses, even if they aren't contained in the current virus database. This is the formula to be the most efficient antivirus. I expect this truth will shift sooner. As I read in the avast support forum, perhaps only avast 5.0 will proceed with that: "proactive detection (or, rather, prevention of zero day malware) is (as already announced) one of the hottest topics of the new version. But of course, even the current version of avast (4.8) engine contains a couple of methods designed to tackle yet-unknown malware."
best regards.
ps: for the time being, what should I use to be protected against unknown viruses?
8) <-QUOTE}
Just because it currently doesn't have heuristics doesn't mean it isn't as good as those that do. I remember AVG always used heuristics, but their version 6 wasn't that good at detection when it was up against other AVs that didn't have heuristics but had better and more sig updates. Apparently it will have heuristics in version 5. Until then I'm completely happy using avast.
ellison
Diver
July 28th, 2008, 12:43 PM
Anyone around here actually know what heuristics do? I think not, or else they are not talking because the AV companies keep this stuff a secret. Most likely, it just flags packed and crypted executables.
The Hammer
July 28th, 2008, 12:50 PM
{QUOTE-> Anyone around here actually know what heuristics do? <-QUOTE}There are those that can give a proper explanation such as The Inspector for instance.
emperordarius
July 28th, 2008, 12:54 PM
{QUOTE-> There are those that can give a proper explanation such as The Inspector for instance. <-QUOTE}
I think Mr.Wikipedia (http://en.wikipedia.org/wiki/Heuristic_analysis) will be able to answer.;D
SourMilk
July 28th, 2008, 12:59 PM
SourMilk's heuristic example for dummies like himself:
If it walks like a duck, quacks like a duck, looks like a duck - then it is a duck UNLESS it's a virtual duck then it's Donald Duck.
SourMilk out
doktornotor
July 28th, 2008, 01:19 PM
A new feature of version 4 is heuristic analysis of e-mail scanners. This feature can protect against new, unknown viruses and worms that are not possible to detect by the usual means. The heuristic module performs a thorough investigation of every e-mail message and watches for suspicious signs that might announce virus presence. When the number of those signs exceeds a user-defined level, the message is considered dangerous and the user is warned. (http://www.avast.com/eng/avast-free-home-antivirus-antispyware.html)
Now, Avast probably doesn't know what they are advertising... (http://forum.avast.com/index.php?topic=37044.msg310321#msg310321) ;D
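The scoring scheme in that product description (count suspicious signs, warn when the total exceeds a user-defined level) is easy to see in code. The following is an added example written for this thread, not Alwil's code; the signs, their weights and the two sample messages are constructed for illustration and are not avast's actual rules.

```python
"""Threshold-based heuristic e-mail check.

Added example, not avast code: each suspicious sign found in a message
carries a weight; when the summed score exceeds a user-defined level the
message is flagged. Signs and weights below are illustrative only.
"""
import email
from email import policy
from email.message import Message

# Constructed sample: a fake "invoice" carrying a double-extension PE attachment.
SAMPLE_EML = b"""From: Accounts <billing@example.invalid>
To: victim@example.invalid
Subject: URGENT: Invoice attached, open immediately
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please see the attached invoice.
--b1
Content-Type: application/octet-stream; name="invoice.pdf.exe"
Content-Disposition: attachment; filename="invoice.pdf.exe"
Content-Transfer-Encoding: base64

TVqQAAMAAAAEAAAA
--b1--
"""

# Constructed benign sample for comparison.
BENIGN_EML = b"""From: Alice <alice@example.invalid>
To: bob@example.invalid
Subject: Lunch on Friday?
Message-ID: <constructed-1@example.invalid>
Content-Type: text/plain

Still on for Friday?
"""

EXEC_EXTENSIONS = {".exe", ".scr", ".pif", ".com", ".bat", ".vbs", ".js"}
DOCUMENT_EXTENSIONS = {".pdf", ".doc", ".jpg", ".txt"}
URGENCY_WORDS = ("urgent", "immediately", "account suspended", "verify now")


def suspicious_signs(msg: Message) -> dict[str, int]:
    """Return every suspicious sign found in the message with its weight."""
    signs: dict[str, int] = {}
    subject = (msg.get("Subject") or "").lower()
    if any(word in subject for word in URGENCY_WORDS):
        signs["urgency wording in subject"] = 1
    if not msg.get("Message-ID"):
        signs["missing Message-ID header"] = 1
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue  # not an attachment
        pieces = name.lower().split(".")
        if len(pieces) > 1 and "." + pieces[-1] in EXEC_EXTENSIONS:
            signs["executable attachment"] = 3
        if len(pieces) > 2 and ("." + pieces[-2]) in DOCUMENT_EXTENSIONS:
            signs["double extension on attachment"] = 2
        payload = part.get_payload(decode=True) or b""
        if payload[:2] == b"MZ":  # DOS/PE executable magic
            signs["attachment starts with MZ (PE) header"] = 3
    return signs


def evaluate(raw: bytes, level: int) -> tuple[int, dict[str, int], bool]:
    """Score a raw message; flagged is True when the score exceeds level."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    signs = suspicious_signs(msg)
    score = sum(signs.values())
    return score, signs, score > level


if __name__ == "__main__":
    for label, raw in (("sample", SAMPLE_EML), ("benign", BENIGN_EML)):
        score, signs, flagged = evaluate(raw, level=4)
        print(f"{label}: score={score} flagged={flagged} signs={sorted(signs)}")
```

Raising the level trades missed detections for fewer false positives, which is exactly the knob the quoted description leaves to the user.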
Diver
July 28th, 2008, 01:37 PM
{QUOTE-> I think Mr.Wikipedia (http://en.wikipedia.org/wiki/Heuristic_analysis) will be able to answer.;D <-QUOTE}
That is what they say. I kind of doubt it, except for those AV's that actually say they do things that way. Even so, all of the latest AV's are filled with features that have vague descriptions. Every time some new feature is discussed nobody seems to know exactly what is going on.
No doubt in my mind the Inspector knows a bunch, but he might not be at liberty to say anything around here. I hope he is enjoying the Florida sun.
vlk
July 28th, 2008, 03:29 PM
Practically every AV on the market today (avast included) uses some kind of proactive detection. What you call it (heuristics, generic signatures, fuzzy matching, ...) is somewhat irrelevant.
But if you're referring to an active emulator (aka Advanced Heuristics in the sense of Nod32) then avast doesn't currently use one (at least for the main detection). Is it a bad thing? I'm not sure. But I'm quite sure it can be quite efficient even without it.
Cheers
Vlk
vlk
July 28th, 2008, 03:31 PM
BTW if you have some time (and are somewhat computer proficient) you can read this classic thread of Technodrome
http://www.wilderssecurity.com/showthread.php?t=2892
Dated, but still very interesting (and ~99% accurate). Reply #7 discusses heuristics.
RejZoR
July 28th, 2008, 03:59 PM
More interesting than standard heuristics (even though they are nice) are behavior based detection methods. They are somewhat harder to bypass since they aren't sensitive to crypters and packers. But they also have their own drawbacks... From the last known info, avast! 5 is going to build on a behavior based system. I'm really looking forward to the first beta versions to see how the progress is going.
C.S.J
July 28th, 2008, 03:59 PM
{QUOTE-> BTW if you have some time (and are somewhat computer proficient) you can read this classic thread of Technodrome
http://www.wilderssecurity.com/showthread.php?t=2892
Dated, but still very interesting (and ~99% accurate). Reply #7 discusses heuristics. <-QUOTE}
good read ;)
they should bring back the ice name. ;)
emperordarius
July 28th, 2008, 04:05 PM
{QUOTE-> More interesting than standard heuristics (even though they are nice) are behavior based detection methods. They are somewhat harder to bypass since they aren't sensitive to crypters and packers. But they also have their own drawbacks... From the last known info, avast! 5 is going to build on a behavior based system. I'm really looking forward to the first beta versions to see how the progress is going. <-QUOTE}
I've seen heuristics of well-known AVs get bypassed extremely easily with a little packing and hex-editing, which doesn't affect most Behaviour blockers and HIPS. Nowadays Heuristics should always be used with behaviour blockers/HIPS functions.
hex_614
July 29th, 2008, 02:27 AM
it was confirmed by the avast technical department that avast 4.8 home or professional does not use heuristic analysis for its detection. they use definition and generic detections only. that's what avast is lacking compared to competitors like AVG 8.0, Avira, ESET, Kaspersky and others. but according to avast, heuristic analysis is like plain guessing. THREATfire is not using heuristics either, it uses behavioral analysis, analysing the behavior of the program being run to see if it can cause damage or act abnormally.
do you guys know when the release of avast 5.0 is, which i think uses advanced heuristics?
by the way if you want a good anti virus with advanced heuristic analysis you'd better go to avira, nod32 or avg. they have less false positive issues.
kjempen
July 29th, 2008, 03:33 AM
{QUOTE-> it was confirmed by the avast technical department that avast 4.8 home or professional does not use heuristic analysis for its detection. they use definition and generic detections only. that's what avast is lacking compared to competitors like AVG 8.0, Avira, ESET, Kaspersky and others. but according to avast, heuristic analysis is like plain guessing. THREATfire is not using heuristics either, it uses behavioral analysis, analysing the behavior of the program being run to see if it can cause damage or act abnormally.
do you guys know when the release of avast 5.0 is, which i think uses advanced heuristics?
by the way if you want a good anti virus with advanced heuristic analysis you'd better go to avira, nod32 or avg. they have less false positive issues. <-QUOTE}
Isn't behavioral analysis (as you defined it here) a bit similar to the advanced heuristics of an antivirus (except it checks code in a "virtual environment")?
saberfox
July 29th, 2008, 04:47 AM
{QUOTE-> it was confirmed by the avast technical department that avast 4.8 home or professional does not use heuristic analysis for its detection. they use definition and generic detections only. that's what avast is lacking compared to competitors like AVG 8.0, Avira, ESET, Kaspersky and others. <-QUOTE}
There's no such thing as a "disadvantage" even if a product doesn't use dynamic emulation heuristics. The thing that matters is the final detection rate, not what percentage of the malware a product detects is detected "heuristically".
I'd go as far as to say that, as far as the end user is concerned, heuristics is nothing but a marketing buzzword, since it doesn't mean much anymore. The latest malware variants produced by professional malware-writing groups specifically tweak their creations to bypass the detections of mainstream vendors – and they succeed again and again – no matter how "advanced" those vendors claim their heuristics to be. Of those vendors you mentioned (AVG, Avira, ESET, Kaspersky), how many of them have heuristics that perform well against the latest Zlob, WinAntiVirus, Swizzor and Vapsup variants? None. How many of them rely on quickly updating their "traditional", non-heuristics detection signatures to fight those variants? All of them. Obviously emulation heuristics has served no purpose here at all.
Bunkhouse Buck
July 29th, 2008, 05:10 AM
{QUOTE-> There's no such thing as a "disadvantage" even if a product doesn't use dynamic emulation heuristics. The thing that matters is the final detection rate, not what percentage of the malware a product detects is detected "heuristically".
I'd go as far as to say that, as far as the end user is concerned, heuristics is nothing but a marketing buzzword, since it doesn't mean much anymore. The latest malware variants produced by professional malware-writing groups specifically tweak their creations to bypass the detections of mainstream vendors – and they succeed again and again – no matter how "advanced" those vendors claim their heuristics to be. Of those vendors you mentioned (AVG, Avira, ESET, Kaspersky), how many of them have heuristics that perform well against the latest Zlob, WinAntiVirus, Swizzor and Vapsup variants? None. How many of them rely on quickly updating their "traditional", non-heuristics detection signatures to fight those variants? All of them. Obviously emulation heuristics has served no purpose here at all. <-QUOTE}
Nonsense. Malware-writing groups are not as powerful as you contend, but your statement does feed the paranoia of this site. The reality is, there are statistically significant heuristic algorithms that do stop the vast majority of malware along with signatures. Many here have never been infected with anything, including me. The risk of malware infection is much smaller than the "sky is falling" group of promoters in the security industry want you to believe.
virtumonde
July 29th, 2008, 05:42 AM
{QUOTE-> Nonsense. Malware-writing groups are not as powerful as you contend, but your statement does feed the paranoia of this site. The reality is, there are statistically significant heuristic algorithms that do stop the vast majority of malware along with signatures. Many here have never been infected with anything, including me. The risk of malware infection is much smaller than the "sky is falling" group of promoters in the security industry want you to believe. <-QUOTE}
I agree with you that the chances of an infection for any regular surfer are small. Add a little knowledge and they are minimal.
Go to a public bittorrent tracker or limewire, download an application, and you'll see that heuristics are a joke. They don't detect anything. IDS, HIPS and sandboxes are needed. The average users downloading from there, and they are quite many I believe, don't have a chance using only a signature/heuristic product.
hex_614
July 29th, 2008, 06:03 AM
{QUOTE-> There's no such thing as a "disadvantage" even if a product doesn't use dynamic emulation heuristics. The thing that matters is the final detection rate, not what percentage of the malware a product detects is detected "heuristically".
I'd go as far as to say that, as far as the end user is concerned, heuristics is nothing but a marketing buzzword, since it doesn't mean much anymore. The latest malware variants produced by professional malware-writing groups specifically tweak their creations to bypass the detections of mainstream vendors – and they succeed again and again – no matter how "advanced" those vendors claim their heuristics to be. Of those vendors you mentioned (AVG, Avira, ESET, Kaspersky), how many of them have heuristics that perform well against the latest Zlob, WinAntiVirus, Swizzor and Vapsup variants? None. How many of them rely on quickly updating their "traditional", non-heuristics detection signatures to fight those variants? All of them. Obviously emulation heuristics has served no purpose here at all. <-QUOTE}
I'm not saying that an anti virus with advanced heuristics is better than avast. I'm saying that THAT'S WHAT AVAST IS LACKING COMPARED TO OTHER ANTI VIRUS. AND I ALSO STATE THAT IF YOU WANT A GOOD ANTI VIRUS WITH ADVANCED HEURISTICS YOU CAN CHOOSE FROM THE ONES I RECOMMEND. I DID NOT SAY THAT YOU PATRONIZE THOSE ANTI VIRUS. IT'S JUST A SUGGESTION.
Saraceno
July 29th, 2008, 06:52 AM
See this thread for information about Avast! Version 5:
http://forum.avast.com/index.php?topic=37002.0
saberfox
July 29th, 2008, 07:26 AM
{QUOTE-> im not saying that anti virus with advanced heuristic is better than avast. im saying that THATS WHAT AVAST IS LACKING COMPARED TO OTHER ANTI VIRUS. AND I ALSO STATE THAT IF YOU WANT A GOOD ANTI VIRUS WITH ADVANCED HEURISTIC YOU CAN CHOOSE FROM THE ONE I RECOMMEND. I DID NOT SAY THAT YOU PATRONIZE THOSE ANTI VIRUS. IT'S JUST A SUGGESTION. <-QUOTE}
I'm not patronizing those products at all; in fact, I regularly recommend Avira, Kaspersky and AVG to other people. I'm just trying to explain that emulator-based heuristics are actually far from the ultimate, must-have weapon in the fight against malware as many people seem to believe. If a product can detect a virus, then it doesn't matter whether the detection was due to signatures, heuristics, generic detection, packer detection, or whatnot. If a product cannot detect a virus, then it doesn't matter if it has the best heuristics in the universe. What ultimately matters in the end is whether a product can or cannot detect something, and emulator heuristics is only one of the many methods used to achieve this end.
BlueZannetti
July 29th, 2008, 07:29 AM
Folks,
A couple of off-topic personally directed posts removed. Please keep the discussion product/technically based.
Blue
Kees1958
July 29th, 2008, 07:32 AM
{QUOTE-> BTW if you have some time (and are somewhat computer proficient) you can read this classic thread of Technodrome
http://www.wilderssecurity.com/showthread.php?t=2892
Dated, but still very interesting (and ~99% accurate). Reply #7 discusses heuristics. <-QUOTE}
@ Moderators and early hour members
I remember some interesting old threads of expert members and moderators. Reading this one I know for sure I have missed a lot of them. Would it be possible to open a sticky with links to these old but interesting posts?
Thx Kees
Bunkhouse Buck
July 29th, 2008, 07:32 AM
{QUOTE-> I'm not patronizing those products at all; in fact, I regularly recommend Avira, Kaspersky and AVG to other people. I'm just trying to explain that emulator-based heuristics are actually far from the ultimate, must-have weapon in the fight against malware as many people seem to believe. If a product can detect a virus, then it doesn't matter whether the detection was due to signatures, heuristics, generic detection, packer detection, or whatnot. If a product cannot detect a virus, then it doesn't matter if it has the best heuristics in the universe. What ultimately matters in the end is whether a product can or cannot detect something, and emulator heuristics is only one of the many methods used to achieve this end. <-QUOTE}
I agree all that matters is detection- that is what ever mattered or should matter. Of course heuristics are far from the ultimate, virtually everyone knows that at Wilder's and does not rely on them alone.
hex_614
July 29th, 2008, 08:41 AM
I'm not saying that those software products that use heuristics are the best. I'm just stating that other products use heuristics and that is what avast lacks. but I did not say that it's better. just as I said, avast explained that heuristics is plain guessing only. why bother too much? are you trying to prove something? then create your own post
Atomic_Ed
July 29th, 2008, 12:05 PM
{QUOTE-> There's no such thing as a "disadvantage" even if a product doesn't use dynamic emulation heuristics. The thing that matters is the final detection rate, not what percentage of the malware a product detects is detected "heuristically".
I'd go as far as to say that, as far as the end user is concerned, heuristics is nothing but a marketing buzzword, since it doesn't mean much anymore. The latest malware variants produced by professional malware-writing groups specifically tweak their creations to bypass the detections of mainstream vendors – and they succeed again and again – no matter how "advanced" those vendors claim their heuristics to be. Of those vendors you mentioned (AVG, Avira, ESET, Kaspersky), how many of them have heuristics that perform well against the latest Zlob, WinAntiVirus, Swizzor and Vapsup variants? None. How many of them rely on quickly updating their "traditional", non-heuristics detection signatures to fight those variants? All of them. Obviously emulation heuristics has served no purpose here at all. <-QUOTE}
I agree 100% with you on this, the technology used to achieve the detection is irrelevant to some extent, the bottom line is the detection itself. Not how but that it happens effectively. I think a further point to this is not only detection rates but also the ability for a technology to efficiently and thoroughly remove anything that gets detected after some damage to files has occurred. This is a good thread and I am enjoying it.
Diver
July 29th, 2008, 12:30 PM
All I know is that Avast does very well at Shadowserver.Org on detecting zero day malware. I don't know which technology, but it works whatever it is. IMO, what Shadowserver is doing is more relevant than proactive testing with intentionally out of date signature files. After all, we don't run out of date signature files.
EraserHW
July 29th, 2008, 12:38 PM
{QUOTE-> why doens't avast use advanced heuristic detection engine yet? <-QUOTE}
oh, God...again :o
http://www.wilderssecurity.com/showpost.php?p=1175260&postcount=8
Bunkhouse Buck
July 29th, 2008, 01:23 PM
{QUOTE-> All I know is that Avast does very well at Shadowserver.Org on detecting zero day malware. I don't know which technology, but it works whatever it is. IMO, what Shadowserver is doing is more relevant than proactive testing with intentionally out of date signature files. After all, we don't run out of date signature files. <-QUOTE}
Avast doing well? I don't think so. On a yearly basis (large sample size) they are dead last and a disgrace compared to Avira and several others.
http://www.shadowserver.org/wiki/pmwiki.php?n=Stats.VirusYearlyStats
lodore
July 29th, 2008, 01:35 PM
{QUOTE-> Avast doing well? I don't think so. On a yearly basis (large sample size) they are dead last and a disgrace compared to Avira and several others.
http://www.shadowserver.org/wiki/pmwiki.php?n=Stats.VirusYearlyStats <-QUOTE}
oh god not test results again....
cmon avast is on there twice, that seems strange in itself.
Bunkhouse Buck
July 29th, 2008, 01:41 PM
{QUOTE-> oh god not test results again....
cmon avast is on there twice, that seems strange in itself. <-QUOTE}
If Kaspersky was better than middle of the pack mediocre, you might like the test results?
doktornotor
July 29th, 2008, 01:45 PM
{QUOTE->
cmon avast is on there twice, that seems strange in itself. <-QUOTE}
Yeah, one is the commercial version and the other is free, as clearly stated there. The 70 % pt. margin between them makes me wonder WTH they are ripping off the free one... >:(
risl
July 29th, 2008, 01:47 PM
According to Alwil website, the only difference between commercial/free would be script blocker and that shouldn't make any difference in detection percentages. Suspicious indeed. ::)
saberfox
July 29th, 2008, 01:52 PM
{QUOTE-> According to Alwil website, the only difference between commercial/free would be script blocker and that shouldn't make any difference in detection percentages. Suspicious indeed. ::) <-QUOTE}
The facts do not matter. The truth that Shadowserver is a shoddily-performed unscientific test is insignificant and should be ignored. As long as Avira continues to make other products look like a disgrace, that is more than enough for some people to blindly accept the test at face value and denounce the unbelievers for their "jealousy".
lodore
July 29th, 2008, 01:55 PM
{QUOTE-> Yeah, one is the commercial version and the other is free, as clearly stated there. The 70 % pt. margin between them makes me wonder WTH are they ripping of the free one... >:( <-QUOTE}
BS
avast home and pro both have the same detection rate.
the low scoring avast could be a linux version. I think someone from avast should find out.
doktornotor
July 29th, 2008, 02:00 PM
{QUOTE-> BS!!
avast home and pro both have detection rate.
<-QUOTE}
Yeah, and KAV has a detection rate as well... And echo command as well has a detection rate - 0% that is. Thanks for the valuable contribution... :P ::)
risl
July 29th, 2008, 02:41 PM
{QUOTE-> If Kaspersky was better than middle of the pack mediocre, you might like the test results? <-QUOTE}
Would you still consider shadowserver as reliable if Avira weren't in the top 5?
lodore
July 29th, 2008, 02:51 PM
{QUOTE-> If Kaspersky was better than middle of the pack mediocre, you might like the test results? <-QUOTE}
don't go off topic.
I'm discussing the thread subject, which is avast and proactive detection. the fact that avast is on the list twice makes me think twice about the credibility of the test.
De Hollander
July 29th, 2008, 04:44 PM
why doesn't avast use advanced heuristic detection engine yet?
{QUOTE-> EraserHW
oh, God...again
http://www.wilderssecurity.com/showp...60&postcount=8 <-QUOTE}
Why use an advanced heuristic detection engine?
:thumb:
Arup
July 29th, 2008, 09:02 PM
Avast Pro and Free use the same engine, just like Avira.
Saraceno
July 30th, 2008, 08:06 AM
{QUOTE-> BS
avast home and pro both have the same detection rate.
the low scoring avast could be a linux version. i think someone from avast should find out. <-QUOTE}
Lodore is right. I posted info on this previously.
http://www.wilderssecurity.com/showthread.php?p=1261320#post1261320
Shadowserver is using a linux version of avast which has lower detection capabilities than avast! Home or Professional.
Shadowserver is also using Kaspersky Anti-Virus for File Server, version 5.5.18, and not the most recent version many users are using here.
:)
carioca
July 30th, 2008, 08:46 AM
???
hi, buddies,
what about threatfire, drivesentry, geswall (freeware), spyware terminator and ssm (system safety monitor)? I have read good opinions about them. I mean in order to furnish extra protection to the avast av scanner due to the lack of heuristic scanning at the moment (avast 5.0 will have proactive protection). they have stated they protect the pc very well against threats and malware and they supply what a regular antivirus doesn't. are they a good combination with avast and superantispyware? could you give us your hints and experience about hardening it? I mean something with low resource use, so as not to turn your pc into a tortoise while hardening it. best regards.
8)
Macstorm
July 30th, 2008, 06:39 PM
@Carioca
Your inquiries deserve its own thread ;)
Bubba
July 30th, 2008, 07:14 PM
{QUOTE-> @Carioca
Your inquiries deserve its own thread ;) <-QUOTE}
Yes it does indeed.