AVG Purchases Behavioral Detection Technology to Bolster Anti-Virus Defenses

I believe that would be LinkScanner.
Before that was Ewido, and they killed that.

 

kaspersky uses AVZ.......i'd like to see u comment that ;p

 

@ Kees1958 and vijayind

Thanks for the explanations, I think I understand now.

 

Most of the time, they do it to lessen their competition. Sometimes they incorporate all or part of the technology they bought into their product lines, but that doesn't always happen. Ultimately, these big companies want to sell as many of their products/services as they can, and reducing the consumer's choices will help them do just that.

 

Well,

When Avira for instance has a pricing scheme of 20 euro (premium) and 40 euro (suite). When they could drag (2.000.000/(40-20)) = 100.000 users in buying the suite with a Sandboxie or DefenseWall add-on, the 2 Meuro would pay itself back in one year.

Investements with a payback period of one year are good!

SBIE has no annual fee, but DefenseWall has an optional 7,5 euro renewal (10 US bucks I think). So moving DW users to Avira will mean an additional increase of 20 euro's per user, making the equation even better.

 

Hi, Oh NO! here comes again..

First was My Ewido few years back and now my PRSC (license still valid for more than one year) . Hoping this time around, AVG will take PRSC users' residual values into their humble account.

 

Almost there. $10.95

 

Not sure about Sana's effectiveness, but in this video review Threatfire does really well:
http://uk.youtube.com/watch?v=0bo3oPErZxo&feature=channel_page

I can't see AVG allowing one of their main rivals to continue to use the technology for their Anti-bot and I believe Sonar is based on it? Symantec could incorporate Threatfire instead, but would such a move mean the end of the free Threatfire? I wouldn't be surprised if all PC tools products eventually disappear and the technologies integrated into Norton products, but that's just a guess though.

Looks like behaviour analysts is the future along with HIPS and Sandboxing.

 

I'd say as far as Threatfire goes, 2009 will see the end of the free version.

 

AB is little conservative. TF added to much to boot/load time. Neither is perfect.

This must have been in the works for quite a while; never seen AVG blasting Symantec.

 

neah,so many users got it and they get lots of info from auto data sumbitions and community protections e.t.c..prolly makes their analysts life easier

 

SONAR actually is pretty effective. It doesn't pop out at every suspicious action; only when there is actual zero-day malware.

As for SONAR and AB, I do not recollect anyone saying that SONAR>AB. They said it was more or less the same; SONAR incorporated the battle-tested components of AB and detection was comparable.

http://community.norton.com/norton/...&thread.id=7198&view=by_date_ascending&page=2

see davecole's post

 

Yeah, that's the post I was refering to, and here's the topic about a user of NAV09 where he has malware messing with his RPC, NAV09 with its SONAR with supposedly Anti-Bot technology implemented not reacting, but the stand-alone sure detects the malware with its connected traces: http://community.norton.com/norton/...eedback&message.id=9552&query.id=284129#M9552

My personal experience with the new SONAR has not been positive as it's not reacted when doing some testing previously (no, I don't remember exactly what I tested back then) and also produced some serious FPs causing a lot of trouble for me - but yes, this was during the beta-period. Still, even in the final, it won't for example detect new variants of malware, e.g. XP Antivirus 2009 for example when Matt Rizos tested it, and for me when a new worm/bot had entered my PC during the final. There we have both bot and new emerging threat/zero-day actual malware going on. Last time I saw SONAR actually active with positive detections was in NIS08 when my PC had done testing for too long...

Still, I'm a user of Norton as it's its strong sides which makes it suit me better than the other software out there as main-security. Behaviour when fighting malware it detects for example. Many don't like it, but a lot of factors about it makes it suit me - and so on, and together with complementary software it still makes a part of my defense.

 

I remember that thread

As for rouge security suites, that kind of stuff is left up to the signatures. What behaviors of rouge security products can SONAR observe?

 

Yeah, I guess you're right about that one... Still really disappointed about that worm/bot though. That's something it should definitely have caught if it was effective - cause there we've clear malicious behaviour of an emerging threat that it didn't detect by signatures at the time.

I began to suspect something after a while since I'd service.exe in my startup. I first didn't think about it too much. Then I went to test my madeup, free "security suite", which is builtup by many separate, free security software. ThreatFire was a part of it, and after installing it it detected service.exe doing all kinds of malicious activities. My USB drive had also not been working good for a while, and after doing some research, I came to this description of the threat being the best - at Panda Encyclopedia: http://www.pandasecurity.com/homeus...clopedia/overview.aspx?lst=det&idvirus=198514

 

Why can't Comodo be used as an example?