Avira AntiVir ProActive

[waters]

Just had email from them inviting me to test the new product so will try it

[Macstorm]

same here

Quote:

Avira AntiVir ProActive

What is Avira AntiVir ProActive?

Avira AntiVir ProActive is a new Avira technology for detecting malware based on its behavior. AntiVir ProActive is monitoring on-access those areas of your system, which are usually attacked by malware. All activities in the target areas are registered by sensors and reported to the rules base, to determine if the activities were indeed caused by malware. If there are activities of virulent origin, Avira AntiVir ProActive blocks them.

Avira AntiVir ProActive completes the existing signature-based, generic and heuristic detection processes, with an advanced method meant to effectively protect you against infection with unknown malware.

Please note, that due to its behavior-based approach, Avira AntiVir ProActive cannot guarantee 100% malware detection. It may happen that some malware is not detected or that some clean files are erroneously reported as malware.

Objectives of the beta test
Basically, the beta test has two objectives:

First, we need to know how stable and performing the system is. Avira AntiVir ProActive monitors numerous interfaces of the operating system. Thus, problems with other programs or with certain system configurations cannot be excluded. We would like the testers to report any crashes or serious loss in performance, relating to such incompatibilities, they might observe.

Secondly, we expect feedback about the detection performance of the program. For the beginning, the test program has just a basic set of rules. So it is to be expected, that only a few files will be reported as malware. Please turn your attention mainly to false positives, i.e. to programs falsely identified as malware. During this phase, the system sends us data, which help us enhance and fine-tune the set of rules (see also “Data transfer and data protection”). These extended rules sets will be made available in a further phase of the beta test.

Installation requirements
Please note that this beta product can be installed only on Windows XP, 32 Bit with SP 2 or above. A later beta version will also support Windows 2000, Windows Vista and Windows 7.
Uninstall any antivirus software from your system, before installing this beta version.
For the beginning, use only the firewall integrated in Windows XP.
Make sure that your PC is connected to the Internet during the beta test.

Data transfer and data protection
Avira AntiVir ProActive sends potentially dangerous rated files to an Avira Server. The affected files are exclusively executable programs and scripts. No emails, personal documents or similar data files are transferred. The transferred information is exclusively used for a closer malware analysis and for improving the rules set.

The data transfer is absolutely anonymous and does not allow any conclusion on the sender. Even indirect details, such as protocol or the computer’s IP address, are not stored.

Only a small group of Avira malware researchers can access the transmitted files, to analyze the malware, in a hermetically isolated network. The data will not be forwarded to third parties.

With the installation of the beta version, you give Avira permission to perform an automatic background transfer of the files being detected as potentially dangerous, to its backend system. Similar to the usage of an online backup solution, there is no infringement when uploading copyrighted files.

[Jin K]

i just wanna say this bye bye kaspersky

[waters]

Jumped too soon,will have to wait for the later one for win 7

[3DFireStarteR]

Quote:

Originally Posted by Jin K

i just wanna say this bye bye kaspersky

Probably not, Kaspersky is adding some new tech in its new version soon.

[RejZoR]

I assume there is no hope for his feature to end up in a free version of AVIRA... ?

[aigle]

Any screenshots?

[Jin K]

Quote:

Originally Posted by 3DFireStarteR

Probably not, Kaspersky is adding some new tech in its new version soon.

they are just adding some garbage everytime with a hundred of error and bugs i was a kaspersky fan 1 day but not now!! they just dont even want to update their existing features!! look at their hips for now its a garbage and they dont want to release any update to it!!

i get about 30 or sometime 50 new malware daily believe me kaspersky is doing bad even twister av like what a man called raoh said in their forum is doing much better than this ****

for me kaspersky is dead

[Leo2005]

Quote:

Originally Posted by RejZoR

I assume there is no hope for his feature to end up in a free version of AVIRA... ?

it will be in the free version.
in fact the free version is the one which is in beta now.

[ance]

Quote:

Originally Posted by Leo2005

it will be in the free version.

Avira ProActive in the free version?

[333halfevil]

Wowie

So now free security can be just as good as paid

Avira Personal and ProActiv +AVG Linkscanner + Free firewall with HIPS like Comodo or Online Armor and you have a winning combo

What do vendors have to gain from free users though? I mean companies like Comodo, Avira and AVG, how do they make money from these free softwares?

[Martijn2]

Quote:

Originally Posted by 333halfevil

Wowie

So now free security can be just as good as paid

Avira Personal and ProActiv +AVG Linkscanner + Free firewall with HIPS like Comodo or Online Armor and you have a winning combo

What do vendors have to gain from free users though? I mean companies like Comodo, Avira and AVG, how do they make money from these free softwares?

I think by showing that their product is good, which in turn temps people to get a even better solution (the 'professional' paid version). You can see the free version as a advertisement for the paid one

[Baz_kasp]

Quote:

Originally Posted by Jin K

for me kaspersky is dead

For you maybe...not for the rest of the world

1. HIPS gets standard updates all the time.

2. V2010 (due for release soon...) has more HIPS improvements including new detection methods and an extra form of heuristics that just got granted a patent in the USA. (Kaspersky don't update their HIPS, right...it's complete garbage!....in fact it's so bad- read about a recent test here- http://www.wilderssecurity.com/showt...ight=HIPS+test)

3. Proactive defense just got another bump with extra detection features.

4. Heuristics detects and blocks more things on execution (with a HEUR verdict) so if it isn't detected via right click, doesn't mean it will not be blocked)

5. Every software has bugs, including the beloved Avira

6. Twister might be doing well for a relatively unknown company and good for them....but unfortunately I don't see them making any effort to make themselves known in Europe or the USA and am almost certain they could not cope with an influx of customers from these areas.... if FDDS detects some things that you think Kaspersky HIPS doesn't...then I can almost certainly reply with more samples that HIPS does but FDDS doesn't...it's almost certainly a two way street. In fact, I could probably write a batch file that could disable said antivirus and most of the others who haven't bothered with a decent self defense and in that case there is no point in all the fancy detections if all a malware has to do to bypass you is delete your updates folder.


You might have beef with certain pieces of software but at least try to keep your comments in perspective.




Has anyone got screens from this beta thing, perhaps Stefan would like to comment- is it full HIPS or more like "anti-bot" style tool?

[Jin K]

1. HIPS gets standard updates all the time.

oh yeh update on the air

2. V2010 (due for release soon...) has more HIPS improvements including new detection methods and an extra form of heuristics that just got granted a patent in the USA. (Kaspersky don't update their HIPS, right...it's complete garbage!....in fact it's so bad- read about a recent test here- http://www.wilderssecurity.com/showt...ight=HIPS+test)

can i ask you a question

is this what you called hips improvements are now included with v2010 because it gives the same result as v2009

also im talking here about 30 to 50 samples daily not 10 samples !!!

3. Proactive defense just got another bump with extra detection features.

even the PDM that in V7 is much better than this hahaha the PDM in V10 until now its like a pic in the program

4. Heuristics detects and blocks more things on execution (with a HEUR verdict) so if it isn't detected via right click, doesn't mean it will not be blocked)

oh yeh believe me not even a single sample that was detected on execution by heur

5. Every software has bugs, including the beloved Avira

oh yeh but at least when they detect a bug they fix it not generating more!!

6. Twister might be doing well for a relatively unknown company and good for them....but unfortunately I don't see them making any effort to make themselves known in Europe or the USA and am almost certain they could not cope with an influx of customers from these areas.... if FDDS detects some things that you think Kaspersky HIPS doesn't...then I can almost certainly reply with more samples that HIPS does but FDDS doesn't...it's almost certainly a two way street. In fact, I could probably write a batch file that could disable said antivirus and most of the others who haven't bothered with a decent self defense and in that case there is no point in all the fancy detections if all a malware has to do to bypass you is delete your updates folder.


You might have beef with certain pieces of software but at least try to keep your comments in perspective.


even the mighty self-defence of kaspersky can be killed by a lot of malwares ، also if you got a decent detection and hips you can block the batch that you said and for me kaspersky has faild on both of them look at its score on AV-COMPARATIVES its getting bad everytime

symantec ، mcafee ، avira ، bitdefender ، nod32 are getting better and look at them now

while kaspersky is getting bad

also this is my opinion if you dont like it leave it

[lordpake]

How come Avira thread just turned into Kaspersky bashing

[andyman35]

Quote:

Originally Posted by Leo2005

it will be in the free version.
in fact the free version is the one which is in beta now.

Really? If that's the case Avira free will blow away many more paid rivals.

[ance]

Quote:

Originally Posted by lordpake

How come Avira thread just turned into Kaspersky bashing

Interesting question

Quote:

Originally Posted by andyman35

Really? If that's the case Avira free will blow away many more paid rivals.

I also think so

[icr]

@ Jin K
calm down dude if you don't like it just uninstall it no reason for bashing

[Nizarawi]

can anyone send me a link for download avira proaktiv plz

i registre to beta tester but i still wait the confirmation

[Kees1958]

@ Nizarawl

Go to this link and log-in, you will find it in the download section of the beta corner. http://betatest.avira.com/pages/index.php


@Aigle

See pic

Not much to show really, just setting sensitivity (low, medium, high( and blocked/allowed programs. My guess from the description is that it has sensors for vulnerable system area's. Accessing them, triggers an rule based behavior decision. Possibly each trigger adds up to the bad behaviour score (like the Isrealian HIPS Neouava Guard did), files collecting to much bad behaviour points with a random, not recognised, pattern are send to central analysis servers. Interesting cases are analysed by human experts. Recognised patterns are stopped. Sort of same way an inversion engine works in artifiical intelligence diagnosis systems (e.g. AI medical applications for heart surgery).

Such an approach would have few false positives. Considering Avira is German and does a lot research with Universities, and Germany also has a large chemical/medicine industry, it would make sense this knowledge would cross over (and would kick start their development).

[raven211]

Quote:

Originally Posted by Kees1958

@ Nizarawl

Go to this link and log-in, you will find it in the download section of the beta corner. http://betatest.avira.com/pages/index.php


@Aigle

See pic

Not much to show really, just setting sensitivity (low, medium, high( and blocked/allowed programs. My guess from the description is that it has sensors for vulnerable system area's. Accessing them, triggers an rule based behavior decision. Possibly each trigger adds up to the bad behaviour score (like the Isrealian HIPS Neouava Guard did), files collecting to much bad behaviour points with a random, not recognised, pattern are send to central analysis servers. Interesting cases are analysed by human experts. Recognised patterns are stopped. Sort of same way an inversion engine works in artifiical intelligence diagnosis systems (e.g. AI medical applications for heart surgery).

Such an approach would have few false positives. Considering Avira is German and does a lot research with Universities, and Germany also has a large chemical/medicine industry, it would make sense this knowledge would cross over (and would kick start their development).

Is medium the default level for Avira ProActive? What setting do you've it set to and how is it working out for you?

[aigle]

Quote:

Originally Posted by Kees1958

@Aigle

See pic

Not much to show really, just setting sensitivity (low, medium, high( and blocked/allowed programs. My guess from the description is that it has sensors for vulnerable system area's. Accessing them, triggers an rule based behavior decision. Possibly each trigger adds up to the bad behaviour score (like the Isrealian HIPS Neouava Guard did), files collecting to much bad behaviour points with a random, not recognised, pattern are send to central analysis servers. Interesting cases are analysed by human experts. Recognised patterns are stopped. Sort of same way an inversion engine works in artifiical intelligence diagnosis systems (e.g. AI medical applications for heart surgery).

Such an approach would have few false positives. Considering Avira is German and does a lot research with Universities, and Germany also has a large chemical/medicine industry, it would make sense this knowledge would cross over (and would kick start their development).

Thanks.

Not sure how good it will be. I thought it might be something like TF or Mamutu but it seems not so good. Let,s wait n see.

Quote:

(like the Isrealian HIPS Neouava Guard did)

BTW Neoava Guard was Iranian not Isrealian.

[cupez80]

has anyone has screenshot of AVIRA ProActiv warning ? i tried several malwares but still no warning from AVIRA ProActiv....

[ance]

Quote:

Originally Posted by aigle

Not sure how good it will be. I thought it might be something like TF or Mamutu but it seems not so good. Let,s wait n see.

That's an interesting question

[Kees1958]

Quote:

Originally Posted by aigle

Thanks.

Not sure how good it will be. I thought it might be something like TF or Mamutu but it seems not so good. Let,s wait n see.

BTW Neoava Guard was Iranian not Isealian.

Oops he would not like that, apologise for that

Well Mamutu and TF are quite different, Mamutu used to kick in much earlier, only with intelligent reduction it was quiter. TF is the norm to beat in behavioral blocking (using pattern recognistion for all).

It seems that time has changed perception on behavioral blockers (pattern recognition for limited)
1) PRSC -> AVG ID: new check at install of files for known malware and sample collection for programs in the grey zone, this to filter out known bad ones and tune internal rules.

2) PrevX3: really a smart break through by using AGE sensitivity (it makes sense to only monitor behavior of zero day and zero hour, so skip older programs which are likely to be found by blacklist scanner).

3) PrevX/Panda Cloud: collects suspicious behaviour, by analysing it on central servers, this reduces the time between a malware is launched in the wild and the detection, simply because all new programs are analysed. The succes of rootkist came from teh fact that the were not known, so rumours of a rootkit being in the wild and the first detection (after install they were not trackable by traditional AV), could take two to three months! For an Av it is much easier to fight a malware when they know its characteristics. The AV simply provides a specific desinfection for the machines having send a trigger. PrevX also works on this principle.

My educated guess is that proactive also takes the above approach (most likely 3, possibly also 1). After all three (AVG, Prevx Panda) have an AV to assist them. TF also experimented with an AV, but they used it to filter out bad ones/malware at first intrusion. Their pattern recognition was so good, it did not increase detection rate. The smart thing of the others is that they do not use it to increase detection rate, but lower False Positives and system load. Only A2 is somewhere stuck in between, but I am sure they will learn from their competitors.