Anyone know anything about Kaspersky getting a new heuristic engine?

That's what I read about on The Kaspersky forums anyway.. sometime later this year (seems to be November or December for a target date) Has anyone else heard anything about this?

Still have 14 days left on my Nod32 trial and to be perfectly honest... still haven't made up my mind, but am leaning toward Nod by the slightest of margins.

That being said... if Kaspersky's indeed working on better heuristics to go hand in hand with their frequent signature updates.. that might be enough to push it ahead. I love their frequent signatures.. but I don't love their inferior heuristics in comparison to Nod.

Thank God I still have two weeks to decide!

 

Well KAV6 Proactive Defense is far from "inferior" against NOD32 heuristics.
It's not a regular heuristic engine but since you won't be running email server that doesn't really change anything.

 

To be fair when I was trialing Kaspersky.... it was with Kaspersky 5 and it didn't yet have the proactive defense... that I can remember anyway?!?

This is the thread and the page of the thread that the new engine is first mentioned.

It's at the bottom of the page (at least the Nov/Dec reference... it's actually talked about a little before that)

http://forum.kaspersky.com/index.php?showtopic=16801&st=0

 

Yes, Kaspersky is developing a new heuristics engine for KAV. This heuristics engine will probably be delivered via regular updates. Most likely KAV 4.5+ and all KAV based products will benefit from the new heuristics engine.

 

The nov/dec date comes straight from the one who is heading the development, so yes it is correct, but as RejZor said, the proactive defense in 6.0 isn't exactly inferior compared to Nod32's heuristics.

 

As far as know u can,t compare heuristics with proactive defence. They are different. So u can,t compare the two.

 

~snipped non-existing post....Bubba~

I'd go with KAV or even F-Prot when the new version is final.

 

Unless you happen to be running older operating systems like 98/se/me where kavs proactive defence is pretty worthless ,in its absence.If the posters running newer OS then kav would be my personal choice though.
ellison

 

as far as I know version 7 will include a new heuristic engine.

 

Not true, you do not need to wait for version 7, both version 5 & 6 will receive it when ready in nov/dec.

 

Yes, thats true, but even 98 users will be protected just fine, compared to any other AV with "just" the signatures and the present version of the heuristics.

 

And I would disagree with that . Most of my users already have SPI/NAT router , all 98 and 2000 have ZoneAlarm free and all my clients are well-protected now with the firewall and NOD32 . NOD32's advanced heuristics can save somebody's computer from vulnerabilites such as these from Word and Excel , the recent Moreover , if you talk about one products only , don't be so sure because ESET are developing their new ESET Security Suit which is coming at the end of the year and we still can't say if it will be OK , if it will be better or worse , the time will show

Best regards!

HiTech_boy

 

I am not sure you can compare KAV's Proactive On-Execution Defense
with heuristics proactive defence?

For example you can't just scan a file with a Proactive On-Execution Defense
but instead need to run it and hope for the best.

Good relevant post here:
https://www.wilderssecurity.com/showthread.php?p=775724#post775724

 

That wasn't my point. Just seems odd that folks keep comparing a Proactive On-Execution Defense with a heuristics proactive defense. They both have their respective advantages and disadvantages.

 

Oh, please. A heuristic scan engine will never, EVER save you from "vulnerabilities". It's not its job, it won't do it, period.

It might detect unknown malware, that's about it. Malware and vulnerabilities are completely different things and let's treat them as such, please.

 

Of course you can compare it detectionwise, it's the endresult that matters (eg detected or not), the proactive wil catch more, the fact that you have to run it (the file/malware)............well how many times have Marcos told users of Nod that were complaining a certain malware wasn't detected via on-demand, that it would be detected when executed.

 

Actually thats BS in NOD32 case because it's not using behavior blocker on host level but in virtual environment (aka sandbox if you want). So if it misses it on-demand it will as well miss it on-access.
That's however not the case with KAV6.

 

NOD32 saves MS Word users from vulnerabities thanks to its advanced heuristics :

http://www.eset.com/company/article.php?contentID=1404


NOD32 saves IE explorer users thanks to its advanced heuristics.See !
http://www.eset.com/company/article.php?contentID=1248
http://www.eset.com/company/article.php?contentID=947

 

I see. Thanks to its "advanced heuristics" they created a patch when the vulnerability was ALREADY KNOWN. Wow.

Sorry, how's that protecting against vulnerabilities? That's only a generic detection of a KNOWN exploit.

Same here. By the way, I'm sick and tired of this absurd use of "zero-day" by vendors.

"Zero day exploits" are NOT publicly known exploits for which no patches yet exist, and especially are NOT exploits for which no patch by the developer yet exists. They are exploits that were created before or the same day the vulnerability became public knowledge.

 

What they created was made only two or three hours after Microsoft gave it publicity.A lot of trojans were created in these some hours that used that exploit

When a malware tries to use this vulnerabity in order to perform malicious actions NOD32 will be able to kill it proactively so this is the way NOD32 protects against vulnerabilities.Note that NOD32 advanced heuristics study what a file will be doing

 

No, no AV can save you from vulnerabilities. They can just protect you from malware that is using vulnerabilities as means of distribution.
Thats a huge difference.

 

Yes , yes that is exactly what I am trying to explain in my previous posts

 

I noted that IBK's results were based on KAV's Proactive On-Execution behaviour blocker set at the max settings. Is that the recommended setting for the average user?