Non-signatures/heuristics of AVs/suites, comparison

[Fly]

I've been using the Avira security suite for a while, and for as far as I know it depends, aside from the webguard, on signatures and heuristics.

The high % of detections is very nice, but maybe something is missing.

I remember that McAfee used SystemGuards (some kind of HIPS), although most of it was disabled by default.

Usually I tend to judge AVs/suites on how well they perform in av-comparatives.

I wonder if there is some kind of list of other security features in AVs and suites.

Or perhaps we could create one. I presume there is no independent and objective test of those features ?

99 % detection is very nice, but it doesn't cover new malware for which no signature exists yet.

Btw, I virtually never get infected, and I probably could run without an AV, but I prefer to be prepared.

[risl]

The word "heuristics" usually contains a lot beneath the surface.

"I wonder if there is some kind of list of other security features in AVs and suites."

I don't know if the AV companies want to go into details what is actually happening under the hood and what the engine is actually capable of. Or what kind of technologies are implemented on the lower level.

"99 % detection is very nice, but it doesn't cover new malware for which no signature exists yet. "

This is wrong because in addition to the detection rate achieved by signatures, it is capable of detecting unknown/new malware with some probability by different capabilities of the AV engine(heuristics). This means it is impossible to define accurate detection percentages for some product.

[Fly]

Quote:

Originally Posted by risl

The word "heuristics" usually contains a lot beneath the surface.

"I wonder if there is some kind of list of other security features in AVs and suites."

I don't know if the AV companies want to go into details what is actually happening under the hood and what the engine is actually capable of. Or what kind of technologies are implemented on the lower level.

"99 % detection is very nice, but it doesn't cover new malware for which no signature exists yet. "

This is wrong because in addition to the detection rate achieved by signatures, it is capable of detecting unknown/new malware with some probability by different capabilities of the AV engine(heuristics). This means it is impossible to define accurate detection percentages for some product.

I once read a paper by Eset about heuristics. Very informative, you might want to retrieve it and read it 'heuristic analysis - detecting unknown viruses'

The 99 % I mentioned (Avira) includes the use of heuristics (see av-comparatives).

Some things that heuristics usually don't include: virtual sandbox, HIPS, Kaspersky's program control (not the exact name, I don't recall) etc.