Avast 2015 Beta 2 (Build 2015.10.0.2200)

Discussion in 'other anti-virus software' started by NWOAbschaum, Sep 19, 2014.

  1. RejZoR

    RejZoR Lurker

    Joined:
    May 31, 2004
    Posts:
    6,426
    NG is not supposed to be "feature rich". It's just an engine doing the job under the hood. And yes, the OS is virtualized. Well, maybe not in this beta just yet, but the idea is that they virtualize the entire OS. It's the reason why they've gone through all this trouble to make it happen. Otherwise they could have just stayed with the old sandbox.
     
  2. 3x0gR13N

    3x0gR13N Registered Member

    Joined:
    May 1, 2008
    Posts:
    849
    VMs are running an entire system kernel in RAM separated from the host OS kernel. I highly doubt NG is doing that in realtime. What's more likely is that they've taken some design cues from Shadow Defender and the like (which mitigates some "sandboxie" limitations).
     
  3. RejZoR

    RejZoR Lurker

    Joined:
    May 31, 2004
    Posts:
    6,426
    They are using Oracle's technology. Not sure how and to what extent, but effectively it's using VirtualBox technology. Which, as you know, is full-fledged virtualization stuff and not some poor basic sandbox.
     
  4. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    I would not call Sandboxie a poor sandbox, but I think when they are talking about "hardware based virtualization" they will try to make the sandbox harder to crack because of the use of security features from the processor (hardware). I do not see how "full OS virtualization" like VirtualBox will be used, but you may know more about this. And perhaps it will even be a bit like Bromium micro-virtualization, who knows? :)

    http://www.bromium.com/innovations/micro-virtualization.html
     
  5. tgell

    tgell Registered Member

    Joined:
    Nov 12, 2004
    Posts:
    1,097
    Whatever the case, I really want to see how avast! 2015 does at AV-Comparatives.
     
  6. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
  7. Legendkiller

    Legendkiller Registered Member

    Joined:
    Jun 29, 2006
    Posts:
    1,053
    Avast was really my go-to free AV 2 years ago..............until all these buggy, fancy-named technologies screwed up their software. This tech will give out more bugs and detection rates haven't been anything to talk about either...
     
  8. avman1995

    avman1995 Registered Member

    Joined:
    Sep 24, 2012
    Posts:
    944
    Location:
    india
    You haven't even seemed to be around avast! beta sessions?? From v7 to v8?? It was a huge improvement. With evo-gen and filerep modules now detection is much faster and better. It hardly takes a couple of hours to 1 day to pick up a set of 17 threats that were not detected originally. Within an hour, filerep picks up on new stuff. Yes, I mean in on-execution detection. Reaction times are much better. And I have seen new detection modules in action on some client's machines. Best thing about these 2 modules: they are all backend, no resource drain on current installation.

    How about beta1 to beta2 of avast 2015?? It took them almost a month from beta 1 to beta 2. They are going completely slow. And beta 3 is not far either. It's next month around the 3rd. So what's improving?? deepscreen is getting better with beta 2, about 30% increase with current beta, and in next beta dyna-gen should be operational. As far as NG is concerned there are problems with its compatibility on some x64 bit machines, sometimes it works on one and does work on another. As pk said, they will be ironing out these compatibility issues and checking how stuff can be moved on. Then we will see...

    I don't know why people make such derogatory comments without even checking the current product status. What else you need?

    This is my personal experience with seeing bunch of malware pack testing and re-scanning and I know it's not 100% but it's an observation I have made over few months. Not to mention no AV-C or any other testing here. I know results of AV-C are not good but should get better with 2015.

    Better reaction times, Better detection, Better sandbox/deepscreen, low resources, custom installation option. Absolute flexibility.

     
    Last edited: Sep 21, 2014
  9. vlk

    vlk AV Expert

    Joined:
    Dec 26, 2002
    Posts:
    621
    It absolutely does that. It's a full virtual machine, instantiated from your live system. If you run malware in it, it can freely do whatever it wants - load kernel drivers, exploit kernel vulnerabilities, rewrite the MBR, format your hard drive etc... it doesn't matter as it's all running in a full hardware-assisted VM.

    This is the whole point of NG. If you've ever heard about FireEye, this is a bit similar but it runs right on your PC (instead of a specialized box running in a data center, as is the case with FireEye). Also, to make NG work, we spent roughly 1 year optimizing it so that the memory consumption requirements of the VM are much much lower than what you'd see in a typical VM. This is because many of the virtualized memory pages are still shared (but in a secure way).

    NG still has some rough edges that need to be ironed out, but it's a very exciting piece of technology and I really think it will make a difference.


    Cheers,
    Vlk
     
  10. RejZoR

    RejZoR Lurker

    Joined:
    May 31, 2004
    Posts:
    6,426
    Will you be able to make more general behavior detections this way or will you be limiting the capability to more specific behavior of a single malware group(s) like you did so far?
     
  11. 3x0gR13N

    3x0gR13N Registered Member

    Joined:
    May 1, 2008
    Posts:
    849
    Thanks for the explanation vlk.
    Do you have minimum hardware requirements for this feature, as I see it will be disabled for "slow hardware"? Also, how will this feature affect 3rd party software that is sensitive to hypervisors and code injections (anti-cheat in online games etc.), would it only affect them if they're being analyzed by NG or are hooks/code injections used for executing files in the VM system wide even if there's no NG analysis going on?
     
  12. RejZoR

    RejZoR Lurker

    Joined:
    May 31, 2004
    Posts:
    6,426
    Well, only limitation is VT support. Considering I'm running it fine on AMD E-450 which is like almost bottom of what you can get, you could get away with pretty much any modern AMD or Intel CPU be it low end APU, Intel or Atom.

    In fact, Beta2 feels faster than v2014 on same system so that's really good actually.
     
  13. pk7

    pk7 Registered Member

    Joined:
    Nov 28, 2009
    Posts:
    12
    Location:
    Prague, CZ
    Minimum system requirements for NG component:
    • physical machine (working under VM is possible, but it's very slow even on modern CPUs with nested virtualization)
    • VT-X/AMD-V is required ONLY for 32-bit Windows8+ OSes and for all 64-bit OSes (VT-X/AMD-V can be turned off in BIOS, but sometimes we can enable it programmatically)
    • 1.5GB RAM for 32-bit OS and 2.5GB RAM for 64-bit OS
    • no active hypervisor (Hyper-V), no 3rd-party system restore applications (DeepFreeze)
    In RTM, we plan to:
    • support XP SP2+ OS
    • have own volume snapshot system (for very small HDD footprint)
    • not support slow computers (especially with non-SSD HDDs); the details are still undecided, we're still gathering performance penalty from various HW configurations (CPU, HDD)
    It is not our aim to install NG on every computer. Information about suspicious files is shared among our user base and it's enough when only one user analyzes this file under NG. We'll analyze the results and they will help other avast users, even those on slower computers without NG. Every avast! user can still use DeepScreen with classic sandbox to analyze suspicious applications.
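
The requirement list in the post above, expressed as a host check in C. This is an added example, not part of the post and not Avast's code; `struct host`, `ng_check` and the status names are hypothetical, and using the CPUID hypervisor bit as the test for "no active hypervisor" is an assumption.

```c
#include <stdio.h>
#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
#endif

enum ng_status { NG_OK, NG_NO_HW_VIRT, NG_HYPERVISOR_ACTIVE, NG_LOW_RAM };
struct host {                      /* hypothetical input record for this example */
    unsigned leaf1_ecx;            /* CPUID leaf 1, ECX */
    unsigned ext1_ecx;             /* CPUID leaf 0x80000001, ECX */
    int os_64bit, win8_or_later;
    unsigned ram_mb;
};
/* Intel VT-x = leaf 1 ECX bit 5 (VMX); AMD-V = leaf 0x80000001 ECX bit 2 (SVM).
   CPUID shows CPU support only; a firmware-disabled state is not visible here. */
static int has_hw_virt(const struct host *h) {
    return ((h->leaf1_ecx >> 5) & 1) || ((h->ext1_ecx >> 2) & 1);
}
/* Leaf 1 ECX bit 31 is set under any hypervisor: a guest VM or active Hyper-V. */
static int hypervisor_present(const struct host *h) {
    return (h->leaf1_ecx >> 31) & 1;
}
/* Apply the post's list: VT needed on all 64-bit and on 32-bit Win8+,
   1.5 GB (32-bit) or 2.5 GB (64-bit) RAM, no hypervisor already running. */
enum ng_status ng_check(const struct host *h) {
    int vt_required = h->os_64bit || h->win8_or_later;
    unsigned min_ram_mb = h->os_64bit ? 2560 : 1536;
    if (hypervisor_present(h)) return NG_HYPERVISOR_ACTIVE;
    if (vt_required && !has_hw_virt(h)) return NG_NO_HW_VIRT;
    if (h->ram_mb < min_ram_mb) return NG_LOW_RAM;
    return NG_OK;
}
/* Fill the CPUID fields from the running CPU; returns 0 on non-x86 builds. */
int read_live_cpuid(struct host *h) {
#if defined(__x86_64__) || defined(__i386__)
    unsigned a, b, c, d;
    if (!__get_cpuid(1, &a, &b, &c, &d)) return 0;
    h->leaf1_ecx = c;
    h->ext1_ecx = __get_cpuid(0x80000001u, &a, &b, &c, &d) ? c : 0;
    return 1;
#else
    (void)h; return 0;
#endif
}
int main(void) {
    struct host h = { 0, 0, 1, 1, 4096 };  /* constructed: 64-bit Win8+, 4 GB */
    if (!read_live_cpuid(&h)) { puts("not an x86 build"); return 1; }
    printf("NG status code: %d\n", ng_check(&h));
    return 0;
}
```

The hypervisor bit cannot tell a guest VM from a host with Hyper-V enabled, so both items on the list map to the same status here.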
     
  14. RejZoR

    RejZoR Lurker

    Joined:
    May 31, 2004
    Posts:
    6,426
    But classic sandbox has proven to be rather disappointing, so saying they can still rely on it isn't exactly helpful...
     
  15. LagerX

    LagerX Registered Member

    Joined:
    Apr 16, 2008
    Posts:
    565
    As much as I'd like to see NG running on all machines, we must understand that protecting 10 year old PCs would be rather difficult when possibilities for new technologies are limited (HW/OS level).
    NG aside, RAM usage is talked much about everywhere. I wouldn't bother if AV consumes 200MB of ram if it makes everything it does quicker. It's just that old machines couldn't deal with it... Again, old machines only. New ones rarely come below 4GB RAM for example.

    Just my 2 cents.
     
  16. pk7

    pk7 Registered Member

    Joined:
    Nov 28, 2009
    Posts:
    12
    Location:
    Prague, CZ
    I don't think so, it's still quite useful for most malware. In our lab, we use it to analyze every received malware every day and a lot of detections are based on sandbox results. However, some malware is so sophisticated and complex it must be analyzed on a separate machine (as vlk pointed out, any existing application sandbox (avast! sandbox, sandboxie, comodo sandbox, ...) won't allow malware to load its own kernel-mode driver, modify your MBR, format volume, ...). These operations can be allowed and analyzed only in NG.

    I agree with you about that. Nowadays, most of our new features can be implemented only on newer OSes (NG, HTTPS scanning, secure DNS, ...), because either XP/Vista contains buggy interface (for network filters) or it's very hard to implement it from scratch (some parts required for NG, etc). Users don't understand XP SP2/Vista were released in 2002 and 2005, and there're a lot of internal changes in newer OSes (although you may not have noticed that from the app's perspective). We still try to support XP users, because XP user base is still some 20%.
     
  17. RejZoR

    RejZoR Lurker

    Joined:
    May 31, 2004
    Posts:
    6,426
    Aaaah, it's you pk from avast! team. Wasn't sure if you're a dev or not. From what Vlk said, I thought the sandbox was the limiting factor, but now you say it's only for more sophisticated stuff. Though I thought it was the sandbox limitation that was preventing you from using Dyna-Gen.
     
  18. avman1995

    avman1995 Registered Member

    Joined:
    Sep 24, 2012
    Posts:
    944
    Location:
    india
    Now this is what is a point of concern. So currently classic deepscreen without NG is not quite good. Is this going to change next week when all detections go online (dyna-gen)??
     
  19. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    Sounds like revolutionary stuff but I still can not envision it. I mean, you will not be loading a whole new OS just to analyze malware I assume? And when it comes to Safe Zone and the Sandbox I do not think that full OS virtualization is needed. :)
     
  20. Mops21

    Mops21 Registered Member

    Joined:
    Oct 5, 2010
    Posts:
    2,729
    Location:
    Germany
  21. LagerX

    LagerX Registered Member

    Joined:
    Apr 16, 2008
    Posts:
    565
  22. LagerX

    LagerX Registered Member

    Joined:
    Apr 16, 2008
    Posts:
    565
    https://forum.avast.com/index.php?topic=155794.0

    new BETA3 released.

    In AVAST 2015 Beta3 you can find mainly stability and performance improvements:
    • Improved malware detection in DeepScreen running on NG
    • IE plugin - fixed problem with continuous opening AOSP settings
    • Webshield - performance and stability changes
    • Browser Cleanup - fixed missing extension list for Chrome 37
    • SecureDNS stabilization
    • Improved registration to Windows Security Center
    • Many general performance and stability improvements

    Known problems
    - Online content for GrimeFighter still in development
    - There might be problems with removing bad addons on Win8.1 in Chrome in BCU
     
  23. Mops21

    Mops21 Registered Member

    Joined:
    Oct 5, 2010
    Posts:
    2,729
    Location:
    Germany
  24. gerardwil

    gerardwil Registered Member

    Joined:
    Jan 17, 2004
    Posts:
    4,750
    Location:
    EU
    Good find Mops.
    Thanks LagerX
     
  25. Chuck57

    Chuck57 Registered Member

    Joined:
    Sep 2, 2002
    Posts:
    1,770
    Location:
    New Mexico, USA
    I tried the 2015 Beta 3 just out of curiosity. I got the browser links on the desktop with the NG, but Chrome wouldn't open at all and MSIE was dead slow. When it finally opened after over 2 minutes, got a blank screen for another couple of minutes before the homepage opened. But no bookmarks came along with the browser. I typed in an address and it took a full 3 minutes for the page to begin to open. After waiting another several minutes, I gave up. The page never did fully finish opening. I tried another and same thing. I reverted back to my prior setup. I'll wait for the final and see what happens.

    This all could be a result of my 2008 Dell Inspiron 1525 laptop, Vista with 4G RAM. No virtualization available. I'll post the info on Avast beta forum.
     