avast! 7.0 public beta

Discussion in 'other anti-virus software' started by RejZoR, Feb 8, 2012.

  vlk

    vlk AV Expert

    The new avast account is a new feature that allows you to view/control (and in a limited way, also manage) all the avast installations you have made (either on your computers, or your friends' and relatives' ones). This is done through a new web-based console/dashboard.

    The soon-to-be-updated avast for Mac and avast for Android also support this, so that you have a centralized view of all your avast-protected devices.

    The functionality is still not enabled in the current beta - but it will be in the next beta refresh.

  Scott W

    Scott W Registered Member

    Maybe I haven't been paying attention - does this beta also install the Avast firewall? :oops:

  RejZoR

    RejZoR Polymorphic Sheep

    Vlk, make sure to tell us when the FileRep will be enabled.
  vlk

    vlk AV Expert

    The main thing is now enabled by means of the latest virus def file (120219-1).
    There will still be some tweaking moving forward, but the main functionality is already there...

    Last edited: Feb 19, 2012
  RejZoR

    RejZoR Polymorphic Sheep

    You probably mean VPS 120219-1 right? Considering it's February and not January now...

    Anyone willing to record a new video test on YouTube now, please do so. Again nothing scientific, just as an observation of how things behave.
  Sherlock_Holmes

    Sherlock_Holmes Registered Member

    Notice on avast facebook

  RejZoR

    RejZoR Polymorphic Sheep

    I have just tested avast! 7.0.1401 on my rather old but hey, still useful WinXP SP3 installation. I haven't fiddled with any of the settings (out of the box setup), just installed it and tested the links. Around 30 links were used (brand new stuff) and not a single one went through. Either it was blocked by the Network Shield, by the bad file reputation or by the auto sandbox. I am genuinely impressed. They just have to charge up sandbox analysis so the sandbox will also make some sort of conclusion on the sandboxed file, but even as it is, it simply prevents the direct infection and raises suspicion by the user.
    It was really about time to see something this impressive. I'm really looking forward to seeing some dynamic tests for this coz it will kick ~ Snipped as per TOS ~ :D
    Last edited by a moderator: Feb 21, 2012
  clocks

    clocks Registered Member

    Is the "bad file reputation" referring to the cloud feature? If not, did you see the cloud feature come into play during your test?

    If I have time tonight, I will do a test myself.
  RejZoR

    RejZoR Polymorphic Sheep

    Yes, file reputation is a part of the cloud. The cloud consists of two parts, FileRep (File Reputation) and Streaming Updates. I've seen a reputation warning for like half of the samples. It's a big yellow dialog warning so you can't really miss it.
  BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Can you post a screenie of it?
  Kerodo

    Kerodo Registered Member

    Will the beta update to final when it's released? Or will I have to uninstall it and install the final manually?
  Fuzzydice45

    Fuzzydice45 Registered Member

    Just had a few questions...

    (A) How does the auto-sandbox determine if a file is suspicious before it is executed?
    (B) How does the auto-sandbox analyse the suspicious program and make a recommendation once it has been sandboxed?
    (C) What files are checked against the FileRep database? Are all new files checked or only suspicious files checked etc.

    Great job on the new release :thumb:
    Last edited: Feb 21, 2012
  clocks

    clocks Registered Member

    I just tested Avast 7. So it basically says "we have not seen this file many times, and therefore suggest you don't download it..."? I was hoping it would scan it on Avast's servers and return a verdict. Will it do that?
  RejZoR

    RejZoR Polymorphic Sheep

    Yes, you will be able to update directly from BETA to FINAL version using the integrated updater.

    A: It determines the file "quality" using heuristics and File Reputation. It is not known if Behavior Shield is involved here.

    B: It has not yet been documented but I'm guessing it's again using heuristics and the behavior analyzer otherwise found in Behavior Shield. For now this feature is not functional just yet, but will be in the final release.

    C: As far as I know from talking with the devs, all on-access scanned files (probably EXE, SCR, COM and other suspicious types) are checked against FileRep in the cloud. Same applies to all transfers done through Web Shield. It's probably not checking non-malicious types of files like MP3 and video files.

    For now, it's not scanning the files remotely like Comodo does. First there is a privacy issue by doing so, as you're sending the entire file to a 3rd party and also doing so is a very wasteful method. Imagine how much horsepower you'd need to process all the unknown files from ~180 million users? And there is also a delay issue with so many users. It would probably take some time to process the files. For now, FileRep only checks file characteristics like creation time, number of users having such a file, when it was first seen, its origin URL and so on. This will be enough for now to create some useful statistics on how to treat specific files.
  vlk

    vlk AV Expert

    I don't see any advantage of uploading the file anywhere.
    <rant>Maybe only to check what other AV's think about the file, as some other products do?</rant>

    The analysis is done locally, using the avast sandbox. I.e. besides the FileRep on-download warning (which btw only applies to the on-download scenarios, not on-exec), the file is executed inside the avast! sandbox and analyzed there. Just the log (the report) from that session (execution in the sandbox) is then optionally transmitted to our servers.

    We have built some good tools to tune this system, so we're really curious how it will work against real-world malware moving forward.

  3x0gR13N

    3x0gR13N Registered Member

    From reading the posts (I haven't tested v7), there's a certain level of dependency between Autosandbox, Behavior shield, FileRep, and Web shield, higher than in v6 (due to new features).
    How would avast behave if one of the components isn't installed, for example if I don't install Web shield would FileRep still account for "where the file came from" for downloaded programs? (or is the feature working only for files that are yet to be downloaded, i.e. "we have not seen this file many times, and therefore suggest you don't download it..."?)
  zerotox

    zerotox Registered Member

    :thumb: A very good point made! I'm interested too.
  vlk

    vlk AV Expert

    Yes, a good question. The shields indeed work much more in "teams" in v7 and so if you don't install some of the shields (e.g. the Web Shield) it may hurt the other shields as well.

    In the specific case you mentioned, yes, missing the Web Shield will remove both the FileRep on-download functionality as well as the URL tracking functionality.

  3x0gR13N

    3x0gR13N Registered Member

    Thanks vlk. I thought that was the case, but wanted to make sure. :)
  RejZoR

    RejZoR Polymorphic Sheep

    Vlk, considering how deep shield dependencies are now, it would be smart to consolidate them a bit.

    For example:

    - File System Shield and Script Shield should be put together
    - Web Shield, Network Shield, IM, P2P and Mail should be under 1 shield
    - Behavior Shield would remain on its own

    I'd just remove the ability to remove individual shields now.

    There are several reasons for that. First, so many shields seem confusing to some users. Such heavy dependency between shields makes it useless not to use all of them as you just degrade protection not knowing you're doing that. And third, all the features are now covered by just 2 processes that consume just what, 8MB of memory? Before ppl used to disable shields to remove additional processes. Doing so now makes no sense really.
    We'll discuss this on avast! forums further and see what we'll come up with together with avast! team. I think my proposition makes quite some sense.
  clocks

    clocks Registered Member

    So, at this time, FileRep basically just indicates how common the file is?

    This version is shaping up very nicely BTW.
    Last edited: Feb 22, 2012
  Baedric

    Baedric Registered Member

    I am curious.
    Will I be able to just disable the Behavior Shield because I am using a different product for that? If I disable the Behavior Shield will I be compromising the other shields?
  vlk

    vlk AV Expert

    No. The FileRep database contains all the information about the file we have. Prevalence is important, but is by no means the only thing.

    I'd recommend against that. Behavior Shield brings some additional insight and can help quite a bit. For example, it allows us to better identify the offending modules (in case of an infection).

    And, it doesn't really conflict with anything, so even if you run another HIPS/BB there shouldn't be any issues.

  RejZoR

    RejZoR Polymorphic Sheep

    Even though many often advise not to use several products, I haven't seen any adverse effects. The app that detects the malware first will take over the detection and there won't be any conflicts. The only time I managed to get my system stuck was a virtual machine in which I installed like 10 antiviruses at once. Which was done intentionally and I was looking for such a result.
