why doesn't avast use advanced heuristic detection engine yet?

Discussion in 'other anti-virus software' started by carioca, Jul 28, 2008.

Thread Status:
Not open for further replies.
  1. carioca

    carioca Registered Member

    Joined:
    Jul 9, 2005
    Posts:
    96
    o_O
    hi, wilders security forums buddies,

    I've heard avast doesn't use an advanced heuristic detection engine. Is that true? If this is the truth, when does avast think to change it? Everyone knows the advanced heuristic detection engine protects against unknown viruses because the most advanced antivirus machine employs the latest heuristic techniques to identify previously unknown viruses and Trojans. 'Heuristics' describes the method of analyzing the code of a file to ascertain whether it contains code typical of a virus. If it is found to do so then the application will disinfect the file or recommend it for quarantine. This is a quantum leap in the battle against malicious scripts and programs as it allows the engine to 'predict' the existence of new viruses, even if they aren't contained in the current virus database. This is the formula to be the most efficient antivirus. I expect this truth will shift sooner. As I read in the avast support forum, perhaps only avast 5.0 will proceed with that: "proactive detection (or, rather, prevention of zero day malware) is (as already announced) one of the hottest topic of the new version. But of course, even the current version of avast ( 4.8 ) engine contains a couple of methods designed to tackle yet-unknown malware."
    best regards.


    ps: for the time being what should I use to be protected against unknown viruses ?

    :cool:
     
  2. ola nordmann

    ola nordmann Registered Member

    Joined:
    May 6, 2007
    Posts:
    89
    Re: why doesn't avast use advanced heuristic detection engine yet?

    I dunno whether Avast lacks heuristics or what, but you can always install a behavioral blocker in addition to your anti-virus, like ThreatFire or Norton Anti-Bot / PRSC.
     
  3. ellison64

    ellison64 Registered Member

    Joined:
    Oct 5, 2003
    Posts:
    2,587
    Re: why doesn't avast use advanced heuristic detection engine yet?

    Just because it currently doesn't have heuristics doesn't mean it isn't as good as those that do. I remember AVG always used heuristics but their version 6 wasn't that good at detection when it was up against other AVs that didn't have heuristics but had better and more sig updates. Apparently it will have heuristics in version 5. Until then I'm completely happy using avast.
    ellison
     
  4. Diver

    Diver Registered Member

    Joined:
    Feb 6, 2005
    Posts:
    1,444
    Location:
    Deep Underwater
    Re: why doesn't avast use advanced heuristic detection engine yet?

    Anyone around here actually know what heuristics do? I think not, or else they are not talking because the AV companies keep this stuff a secret. Most likely, it just flags packed and crypted executables.
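
The kind of check guessed at in the post above (flagging packed or crypted executables) is commonly approximated with a byte-entropy measurement. The following is an added example, not part of the thread and not any vendor's engine; the function names, the 1024-byte window, the 7.2 bits/byte threshold and both sample buffers are assumptions constructed for illustration.

```python
import hashlib
import math

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 = constant, 8.0 = uniform)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)

def high_entropy_fraction(data: bytes, window: int = 1024,
                          threshold: float = 7.2) -> float:
    """Fraction of full, non-overlapping windows at or above the threshold."""
    offsets = range(0, len(data) - window + 1, window)
    if not offsets:
        return 0.0
    hits = sum(1 for o in offsets
               if shannon_entropy(data[o:o + window]) >= threshold)
    return hits / len(offsets)

def looks_packed(data: bytes, min_fraction: float = 0.5) -> bool:
    """Heuristic verdict: most of the file is compressed or encrypted data."""
    return high_entropy_fraction(data) >= min_fraction

# Constructed samples (not real executables).
# STUB: a repeated, code-like 8-byte pattern, 1024 bytes in total.
STUB = bytes.fromhex("558bec83ec105dc3") * 128
# PLAIN: only the low-entropy pattern, 8 windows.
PLAIN = STUB * 8
# PAYLOAD: deterministic pseudo-random bytes standing in for a packed body.
PAYLOAD = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest()
                   for i in range(224))
# PACKED: small stub followed by the high-entropy payload.
PACKED = STUB + PAYLOAD

if __name__ == "__main__":
    for name, blob in (("plain", PLAIN), ("packed", PACKED)):
        print(name, round(high_entropy_fraction(blob), 3), looks_packed(blob))
```

Legitimately compressed files (installers, archives, media) also score high on this measure, which is why a check like this produces false positives when used on its own.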
     
  5. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,752
    Location:
    Toronto Canada
    Re: why doesn't avast use advanced heuristic detection engine yet?

    There are those that can give a proper explanation such as The Inspector for instance.
     
  6. emperordarius

    emperordarius Registered Member

    Joined:
    Apr 27, 2008
    Posts:
    1,218
    Location:
    Who cares
    Re: why doesn't avast use advanced heuristic detection engine yet?

    I think Mr. Wikipedia will be able to answer. :D
     
  7. SourMilk

    SourMilk Registered Member

    Joined:
    Mar 31, 2006
    Posts:
    630
    Location:
    Hawaii
    Re: why doesn't avast use advanced heuristic detection engine yet?

    SourMilk's heuristic example for dummies like himself:

    If it walks like a duck, quacks like a duck, looks like a duck - then it is a duck UNLESS it's a virtual duck then it's Donald Duck.

    SourMilk out
     
  8. doktornotor

    doktornotor Registered Member

    Joined:
    Jul 19, 2008
    Posts:
    2,047
  9. Diver

    Diver Registered Member

    Joined:
    Feb 6, 2005
    Posts:
    1,444
    Location:
    Deep Underwater
    Re: why doesn't avast use advanced heuristic detection engine yet?

    That is what they say. I kind of doubt it, except for those AV's that actually say they do things that way. Even so, all of the latest AV's are filled with features that have vague descriptions. Every time some new feature is discussed nobody seems to know exactly what is going on.

    No doubt in my mind the Inspector knows a bunch, but he might not be at liberty to say anything around here. I hope he is enjoying the Florida sun.
     
  10. vlk

    vlk AV Expert

    Joined:
    Dec 26, 2002
    Posts:
    621
    Re: why doesn't avast use advanced heuristic detection engine yet?

    Practically every AV on the market today (avast included) uses some kind of proactive detection. The way you call it (heuristics, generic signatures, fuzzy matching, ...) is somewhat irrelevant.

    But if you're referring to an active emulator (aka Advanced Heuristics in the sense of Nod32) then avast doesn't currently use one (at least for the main detection). Is it a bad thing? I'm not sure. But I'm quite sure it can be quite efficient even without it.

    Cheers
    Vlk
     
  11. vlk

    vlk AV Expert

    Joined:
    Dec 26, 2002
    Posts:
    621
    Re: why doesn't avast use advanced heuristic detection engine yet?

    BTW if you have some time (and are somewhat computer proficient) you can read this classic thread of Technodrome

    https://www.wilderssecurity.com/showthread.php?t=2892

    Dated, but still very interesting (and ~99% accurate). Reply #7 discusses heuristics.
     
  12. RejZoR

    RejZoR Lurker

    Joined:
    May 31, 2004
    Posts:
    6,426
    Re: why doesn't avast use advanced heuristic detection engine yet?

    More interesting than standard heuristics (even though they are nice) are behavior based detection methods. They are somehow harder to bypass since they aren't sensitive to crypters and packers. But they also have their own drawbacks... From the last known info, avast! 5 is going to build on a behavior based system. I'm really looking forward to the first beta versions to see how the progress is going.
     
  13. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    Re: why doesn't avast use advanced heuristic detection engine yet?

    good read ;)

    they should bring back the ice name. ;)
     
  14. emperordarius

    emperordarius Registered Member

    Joined:
    Apr 27, 2008
    Posts:
    1,218
    Location:
    Who cares
    Re: why doesn't avast use advanced heuristic detection engine yet?

    I've seen heuristics of well-known AVs get bypassed extremely easily with a little packing and hex-editing, which doesn't affect most Behaviour blockers and HIPS. Nowadays Heuristics should always be used with behaviour blockers/HIPS functions.
     
  15. hex_614

    hex_614 Registered Member

    Joined:
    Jul 17, 2008
    Posts:
    155
    Location:
    Manila, Philippines
    Re: why doesn't avast use advanced heuristic detection engine yet?

    It was confirmed by the avast technical department that avast 4.8 Home or Professional does not use heuristic analysis for its detection. They use definition and generic detections only. That's what avast is lacking compared to competitors like AVG 8.0, Avira, ESET, Kaspersky and others. But according to avast, heuristic analysis is like plain guessing. THREATfire is not using heuristics either; it uses behavioral analysis: analysing the behavior of the program being run to see if it can cause damage or act abnormally.

    Do you guys know when avast 5.0, which I think uses advanced heuristics, will be released?

    By the way, if you want a good antivirus with advanced heuristic analysis, you'd better go to Avira, NOD32 or AVG. They have fewer false positive issues.
     
  16. kjempen

    kjempen Registered Member

    Joined:
    May 6, 2004
    Posts:
    379
    Re: why doesn't avast use advanced heuristic detection engine yet?

    Isn't behavioral analysis (as you defined it here) a bit similar to the advanced heuristics of an antivirus (except it checks code in a "virtual environment")?
     
  17. saberfox

    saberfox Former Poster

    Joined:
    Jul 23, 2008
    Posts:
    84
    Re: why doesn't avast use advanced heuristic detection engine yet?

    There's no such thing as a "disadvantage" even if a product doesn't use dynamic emulation heuristics. The thing that matters is the final detection rate, not how much percentage of malware that a product can detect is done so "heuristically".

    I'd go as far as to say that, as far as the end user is concerned, heuristics is nothing but a marketing buzzword, since it doesn't mean much anymore. The latest malware variants produced by professional malware-writing groups specifically tweak their creations to bypass the detections of mainstream vendors – and they succeed again and again – no matter how "advanced" those vendors claim their heuristics to be. Of those vendors you mentioned (AVG, Avira, ESET, Kaspersky), how many of them have heuristics that perform well against the latest Zlob, WinAntiVirus, Swizzor and Vapsup variants? None. How many of them rely on quickly updating their "traditional", non-heuristics detection signatures to fight those variants? All of them. Obviously emulation heuristics has served no purpose here at all.
     
  18. Bunkhouse Buck

    Bunkhouse Buck Registered Member

    Joined:
    May 29, 2007
    Posts:
    1,286
    Location:
    Las Vegas
    Re: why doesn't avast use advanced heuristic detection engine yet?

    Nonsense. Malware-writing groups are not as powerful as you contend, but your statement does feed the paranoia of this site. The reality is, there are statistically significant heuristic algorithms that do stop the vast majority of malware along with signatures. Many here have never been infected with anything, including me. The risk of malware infection is much smaller than the "sky is falling" group of promoters in the security industry want you to believe.
     
  19. virtumonde

    virtumonde Registered Member

    Joined:
    Jan 18, 2008
    Posts:
    504
    Re: why doesn't avast use advanced heuristic detection engine yet?

    I agree with you that the chances of an infection for any regular surfer are small. Add a little knowledge and they are minimal.
    Go to a public BitTorrent tracker or LimeWire, download an application, and you'll see that heuristics are a joke. They don't detect anything. IDS, HIPS and sandboxes are needed. The average users downloading from there, and they are quite many I believe, don't have a chance using only a signature-heuristic product.
     
  20. hex_614

    hex_614 Registered Member

    Joined:
    Jul 17, 2008
    Posts:
    155
    Location:
    Manila, Philippines
    Re: why doesn't avast use advanced heuristic detection engine yet?

    I'm not saying that an antivirus with advanced heuristics is better than avast. I'm saying that THAT'S WHAT AVAST IS LACKING COMPARED TO OTHER ANTI VIRUS. AND I ALSO STATE THAT IF YOU WANT A GOOD ANTI VIRUS WITH ADVANCED HEURISTIC YOU CAN CHOOSE FROM THE ONES I RECOMMEND. I DID NOT SAY THAT YOU PATRONIZE THOSE ANTI VIRUS. IT'S JUST A SUGGESTION.
     
    Last edited by a moderator: Jul 29, 2008
  21. Saraceno

    Saraceno Registered Member

    Joined:
    Mar 24, 2008
    Posts:
    2,405
  22. saberfox

    saberfox Former Poster

    Joined:
    Jul 23, 2008
    Posts:
    84
    Re: why doesn't avast use advanced heuristic detection engine yet?

    I'm not patronizing those products at all; in fact, I regularly recommend Avira, Kaspersky and AVG to other people. I'm just trying to explain that emulator-based heuristics are actually far from the ultimate, must-have weapon in the fight against malware as many people seem to believe. If a product can detect a virus, then it doesn't matter whether the detection was due to signatures, heuristics, generic detection, packer detection, or whatnot. If a product cannot detect a virus, then it doesn't matter if it has the best heuristics in the universe. What ultimately matters in the end is whether a product can or cannot detect something, and emulator heuristics is only one of the many methods used to achieve this end.
     
  23. BlueZannetti

    BlueZannetti Registered Member

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    Re: why doesn't avast use advanced heuristic detection engine yet?

    Folks,

    A couple of off-topic personally directed posts removed. Please keep the discussion product/technically based.

    Blue
     
  24. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Re: why doesn't avast use advanced heuristic detection engine yet?

    @ Moderators and early hour members

    I remember some interesting old threads of expert members and moderators. Reading this one I know for sure I have missed a lot of them. Would it be possible to open a sticky with links to these old but interesting posts?

    Thx Kees
     
  25. Bunkhouse Buck

    Bunkhouse Buck Registered Member

    Joined:
    May 29, 2007
    Posts:
    1,286
    Location:
    Las Vegas
    Re: why doesn't avast use advanced heuristic detection engine yet?

    I agree all that matters is detection- that is what ever mattered or should matter. Of course heuristics are far from the ultimate, virtually everyone knows that at Wilder's and does not rely on them alone.
     