Why has Avast zero-day protection fallen so much over the last few weeks?

Discussion in 'other anti-virus software' started by nine9s, May 17, 2013.

Thread Status:
Not open for further replies.
  1. FOXP2

    FOXP2 Guest

    We'll understand your no reply to mean you don't really know what version. :rolleyes:

    :thumb: :thumb:
    .
     
  2. mattdocs12345

    mattdocs12345 Registered Member

    Joined:
    Mar 23, 2013
    Posts:
    1,892
    Location:
    US
    Looks like today AVAST! is back at ~80%. I wouldn't worry too much just because for 1 or 2 days or even for a few weeks the detection goes down. But then again for me my antivirus is a 2nd line of defense.
     
  3. nine9s

    nine9s Registered Member

    Joined:
    Feb 8, 2013
    Posts:
    310
    Location:
    USA
    For the Linux version it states 3.2 version Avast. For Windows, it states command line but no version. Many of the other tested vendors' programs are the same version on Linux and Windows, when both are listed, and the Linux and Windows results for Avast track each other pretty close, so it seems they are the same.
     
  4. FOXP2

    FOXP2 Guest

    So then 3.2 = 4 & "pretty close" & "seems they are the same"

    I do stand corrected and accept these parameters as the benchmarks of precision, accuracy, expertise and accountability in this forum.

    But I just may run that math and logic by the tax man during my next encounter. :D
     
  5. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,592
    Location:
    U.S.A.
    I would love to see Shadowserver add ExploitShield and EMET to their applications and see how they do since we are talking zero-day exploits here.
     
  6. guest

    guest Guest

    I don't know about Shadowserver and ExploitShield, but EMET is not something that you can simply add as an additional feature. Mind you, you're playing with the OS. One mistake and your product will get bad reviews all over the place. Better let Microsocksoft develop EMET, especially since it's currently under active development.

    Alright, let me ask... is zero-day such a common infection now? If not then I just don't see the point of worrying about Avast!'s (or any other AVs') zero-day protection. :doubt:

    EDIT: Just read the link given by ronjor. So yeah, there's no need to worry about this IMO, at least not for now.

    EDIT #2: Alright, I misread the post. I thought itman said that they need to add an EMET-like feature into Avast. Turned out that he said he'd love to see ExploitShield and EMET in the test. God I need to stop doing this. :ouch:

    Well, wouldn't it be incomparable? Unless it's EMET's specific test, which has been done by MS IIRC.
     
    Last edited by a moderator: May 20, 2013
  7. vlk

    vlk AV Expert

    Joined:
    Dec 26, 2002
    Posts:
    621
    Sorry for not replying earlier.

    A couple of things:

    - This is an on-demand test only. I.e. it doesn't take into account any "shields", so, for example, neither EMET nor ExploitShield (mentioned above) would make any difference whatsoever. In the case of Avast, this means no Evo-Gen, no autosandbox, no dynamic detections, no Web/Network Shield etc.

    - When looking at the samples coming from ShadowServer, we noticed a very high incidence of file infectors (typically many files of the same families). These are definitely not "zero-day" - I mean, the specific files may be "zero-day" in the sense that they haven't been seen in the past (because they're kind of unique, as the underlying innocent file hasn't been seen infected yet), but the virus families are old.

    - The ShadowServer infrastructure has frequent outages etc., making the overall test quality even more questionable...

    Overall, I wouldn't use their results for any kind of decision. Even the VirusTotal results probably give a better insight into the performance of the various engines than this one.

    Thanks
    Vlk
     
  8. nine9s

    nine9s Registered Member

    Joined:
    Feb 8, 2013
    Posts:
    310
    Location:
    USA
    Thanks for clarifying. It looked on the surface like a good testing place, but it does say it is not meant for comparison, and I am glad for the clarification of how they test.
     
  9. guest

    guest Guest

    Just curious, is there any plan for Avast! in the future to add an anti zero-day exploits feature (either with things like DEP, SEHOP, etc or a completely different method)?
     
  10. Mman79

    Mman79 Registered Member

    Joined:
    Sep 19, 2012
    Posts:
    2,016
    Location:
    North America
    Do you mean will they support it? They can't add it, it's already built into the OS, but they can support it, which some security programs still don't. I think Avast already does support them, but VLK can answer that better than I.
     
  11. guest

    guest Guest

    Yeah, pretty much making a GUI for it. Or they can do something entirely different which I couldn't explain since my knowledge in this is extremely limited. :D
     
  12. Mman79

    Mman79 Registered Member

    Joined:
    Sep 19, 2012
    Posts:
    2,016
    Location:
    North America
    I don't think they would do that, nor do I think it would be wise to do so. If a security program supports DEP and such, they do it to protect the program from malware tampering with it/exploiting it/shutting it down. Users don't need that kind of power. Plus, when dealing with DEP/SEHOP and those things, there isn't much there to tweak. It's all but an on/off situation.
     