AVG Purchases Behavioral Detection Technology to Bolster Anti-Virus Defenses

http://www.eweek.com/c/a/Security/A...hnology-to-Bolster-AntiVirus-Defenses/?kc=rss

 

Sana Security has been acquired

Press release:

http://www.avg.com/press-releases-news.ndi-222495

 

Re: Sana Security has been acquired

Hmmm... So no more Norton AntiBot, I guess
Symantec will just have to rebundle Threatfire...

But this is a positive note. Hopefully, they will preserve Sana.

 

Re: Sana Security has been acquired

It could spell the end of Threatfire free though on a negative note.

 

Re: Sana Security has been acquired

True...

 

Code:

At the same time, AVG will continue to maintain low PC resource utilization for optimal system performance, a critical requirement both for the individual at home and for the business user,” said J.R. Smith, CEO of AVG Technologies.

Who is he kidding? The fat getting fatter

 

Very nice technology AVG is getting better and better ...

 

Well,

Now there are three

- A2 Malware = fully integrated AV + AS/AT + BB
- Norton end of 2009 = Norton 360 with TF technology
- AVG end of 2009 = AVG + PRSC

Avast has announced behavioral blocking in V5

So what are the others going to do?

 

same thing
by the way avast already has a bb

 

What do you mean the mail thingie or the ancient blocker in the standard shield

 

the anciant blocker

 

well i dont really need all these BB + AV integrated producst coming out, Avira's heur does a wonderful job at getting the unkown's and makes up for the BB IMO, besides thats why i have CIS and Mamutu

 

I agree

 

i agree i also loves those two

 

Well guys,

Two observations

A) Avira advanced heuristics of the V9 engine will problably deal with 85% of the zero day threats

B) ThreatFire and A2 Malware are examples of excellent combi's (AV + BB) of which A2 has the best detection ratio. I have tested TF against Malware Defender and the only intrusions on which a behaviour blocker currently does a worse job than a classical HIPS is
- CPU/disk load (then again nothing is so light as Malware Defender)
- Intercepting/simulating API calls like SSS does (these are considered normal operations)
- dealing with messages (which is quiet normal manner of inter program communication) as a staged intrusion

C) Behavior blocking is a splendid way to make your AV more effective. Currently AV's have to balance between deep scanning and performance. When an BB notices an intrusion it immediately jump starts the black list engine, to check whether it is a known malware (ThreatFire does so). Because teh AV is triggered at exceptions and not on every day normal operations the heuristics/packers handling can be very thourough. This in itself increases the effectivity of an AV (blacklist)

Cheesr

D) Future trends will combine blacklist, behavious analysis and virtualisation, i

 

What percentage of zero day threats does an average AV detect?

Thanks

 

Hard to tell, Kapersky also has high percentage, somewhere between 0 and 75 percent

 

thats only cuz kaspersky has some sort of HIPS built-in though.

 

I'm a bit confused cause I saw in AV-Comparatives ProActive Test report, they said "If the anti-virus software is always kept up-to-date, it will be able to detect more samples. For understanding how the detection rates of the Anti-Virus products look with updated signatures and programs, have a look at out regular on-demand detection tests." This makes it sound like AV's regularly have 90% + detection in the real-world, but I thought this wasn't the case.

 

Someone,

Most AV's have a detection rate of over 90% (some even 99%) when confronted with older malware. Detection of new malware (which fingerprint is not in the black list data base yet) has a lower detection rate.

AV's with some HIPS build in like Kapersky are able to tackle 75% of them. Avira with its old heuristics manages somewhere between 70 and 75 percent detection (so this are new malware samples). Avira V9 will have a new Advanced/Active heuristics which I have tested. It wiped out nearly 85 percent of the new malwares. So most AV vendors seem to add HIPS or behavioral blocking to their defense, while Avira is perfecting the heuristics approach (and achieving better results than other AVs).

Most competitors are not able to detect more than 20 - 50 percent with heuristics. So Avira has a secret trick which makes them stand out.

 

Maybe 90% detection on the virus list. But when in-the-wild samples are used, most scanners corner about 30-40% detection. The stellar ones can garner get 50+% detection, but never 90%. Thats why you need more.

 

Zero day, in the wild, zoo catelog

A- Birth of Malware -B- First infection -C- First detection -D- Vaccin creation -E- Cure listed -F- Cure downloaded - G- OLD remedies - H

B through D often called "zero day"
C through F often called "in the wild"
E through G also called "virus list"
F through H also called "zoo"

So detection rates vary on the definition used

Cheers

Kees

 

Well, about Symantec and Anti-Bot... how does it work when they're supposedly having this technology implemented and continually enhanced now in their SONAR-component (while seemingly not quite as effective as the stand-alone application even if stated as such and even better by Symantec and their "testing" - as seen in a topic during the NIS/NAV09 beta-period where a user was infected by malware crashing his RPC-service and NIS would not detect it, installing Anti-Bot and it was)?

 

didnt AVG buy some script company last year and how has that made them better. It to me sure as hell happened with what I see. I am getting really pissed as to what the real motive of some larger corps buying out the small fish. Is it really to enhance their products or to shut them up. This doesnt just apply to AVG.
Show me one instance where a large vendor bought a small one and made it worthwhile to the consumer. And please, dont use Comodo for an example.

I mean if I really wanted to build a product that would sell and crush the rest, it would be one that has a solid firewall, a AV like Avira, would offer Tzuk 2 million for Sandboxie, would offer Ilya 2 million for Defensewall and through in some bucks for AntiSpamSniper for my antispam. It is simple if I have the money and the common sense to leave each module as is. Ugh!!