Avira new heuristics

Discussion in 'other anti-virus software' started by MalwareDie, Jan 12, 2007.

Thread Status:
Not open for further replies.
  1. MalwareDie

    MalwareDie Registered Member

    Joined:
    Dec 8, 2006
    Posts:
    500
    I heard from a post from Stefan that there will be new heuristics coming. I hope Avira keeps up the good work and that the new heuristics not only improve detection but also reduce the amount of FPs produced.
     
    Last edited: Jan 13, 2007
  2. Stefan Kurtzhals

    Stefan Kurtzhals AV Expert

    Joined:
    Sep 30, 2003
    Posts:
    702
    New heuristic rules will always cause new false positives to some extent; you cannot avoid that. Of course we perform lots of tests in order to avoid false positives before the new version gets released.
    The release on 12th of December also made heuristic level 2 the default for new installations; we got a bunch of false positives from that as well that I am still working on.
     
  3. TonyW

    TonyW Registered Member

    Joined:
    Oct 12, 2005
    Posts:
    2,741
    Location:
    UK
    This is one of the drawbacks to heuristics. There will always be some level of FPs, some more than others. In some ways, keeping up with and tweaking them is akin to standard signature updates.
     
  4. webster

    webster Registered Member

    Joined:
    Feb 23, 2004
    Posts:
    285
    Location:
    Denmark
    I can live with a few false positives, as long as the heuristics catch real malware.

    Avira's heuristics are the best ATM IMHO, and now they're getting better. Keep up the good work Stefan :thumb:
     
  5. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    Can't argue that point. Good work, Stefan.
     
  6. jlo

    jlo Registered Member

    Joined:
    Nov 29, 2004
    Posts:
    475
    Location:
    UK
    I agree. It's got fantastic heuristics, and I know that when I have sent something in which is detected by heuristics to the heuristic e-mail submission address, you normally get a reply from Stefan himself!

    I have been so impressed I have ditched AntiVir PE and upgraded to AntiVir Personal Premium today and love it. The only problem I had with PE was that it was sometimes difficult to update, but the Premium edition logs on and updates from the server really quickly.

    Superb product, and I think the heuristics are now as good as BitDefender, NOD32, Dr.Web and F-Prot.

    Cheers

    Jlo
     
  7. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    Actually better.:rolleyes:
     
  8. Thankful

    Thankful Savings Monitor

    Joined:
    Feb 28, 2005
    Posts:
    6,567
    Location:
    New York City
    What test(s) are you using to support this claim?
     
  9. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    Paternity? Ahh, I don't know. Heck, I use KAV anyway, in reality. :rolleyes:
     
  10. phasechange

    phasechange Registered Member

    Joined:
    Aug 10, 2004
    Posts:
    359
    Location:
    Edinburgh
    Is there any evidence that the lack of an http scanner causes any real danger? This is the one weakness I can see in what is otherwise an excellent product.
     
  11. MalwareDie

    MalwareDie Registered Member

    Joined:
    Dec 8, 2006
    Posts:
    500
    trjam judged from the last AV-Comparatives retrospective test.
     
  12. Thankful

    Thankful Savings Monitor

    Joined:
    Feb 28, 2005
    Posts:
    6,567
    Location:
    New York City
    BitDefender and NOD32 scored the same as Avira in the November 2006 Retrospective Test and were superior in the May 2006 Retrospective Test.
     
  13. MalwareDie

    MalwareDie Registered Member

    Joined:
    Dec 8, 2006
    Posts:
    500
    Avira scored 53% in the last one and caught a few more samples than even NOD32. I think that is why trjam said Avira's are "actually better."
     
  14. RejZoR

    RejZoR Lurker

    Joined:
    May 31, 2004
    Posts:
    6,426
    Well, the AV-Comparatives test is not the only one showing that. I've scanned quite a few samples that are very new (I mean really very new) and it detected nearly all of them as HEUR/Crypted. It's really remarkable how such "low tech" heuristics can detect so much stuff. I mean "low tech" because there is no advanced tech like sandboxing and advanced emulation involved.
     
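The two posts above touch on the same mechanism from opposite sides: a cheap static heuristic of the HEUR/Crypted kind (high-entropy windows that look like an encrypted or compressed body) and the false positives that a more aggressive default level brings with it. The following is an added example, written for this thread and not Avira's code; the entropy threshold, the two "levels", and the four sample buffers are all made up to illustrate the trade-off, not taken from any product or test.

```python
"""Added example: an entropy-based "crypted/packed code" heuristic and the
detection-vs-false-positive trade-off of a more aggressive level.
Hypothetical thresholds and constructed samples; not Avira's engine."""
import math
import random
from collections import Counter

CHUNK = 1024          # bytes per window
HIGH_ENTROPY = 7.0    # bits/byte above which a window looks encrypted/compressed

# Hypothetical sensitivity levels: fraction of high-entropy windows a file
# must have before it is reported.  Level 2 is the more aggressive one.
LEVELS = {1: 0.80, 2: 0.35}


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty/constant data, max 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def crypted_score(data: bytes, chunk: int = CHUNK) -> float:
    """Fraction of fixed-size windows whose entropy exceeds HIGH_ENTROPY."""
    windows = [data[i:i + chunk] for i in range(0, len(data), chunk)]
    high = sum(1 for w in windows if shannon_entropy(w) > HIGH_ENTROPY)
    return high / len(windows) if windows else 0.0


def classify(data: bytes, level: int) -> bool:
    """True if the heuristic at the given level would flag the file."""
    return crypted_score(data) >= LEVELS[level]


# --- constructed samples (no real files involved) --------------------------

def plain_code(n: int) -> bytes:
    """Low-entropy filler standing in for ordinary, unpacked code/text."""
    line = b"mov eax, [ebp-4]\ncall sub_401000\ntest eax, eax\njz short loc_40\n"
    return (line * (n // len(line) + 1))[:n]


def encrypted_blob(n: int, seed: int) -> bytes:
    """High-entropy filler standing in for an encrypted or compressed body."""
    rng = random.Random(seed)                      # deterministic, offline
    return bytes(rng.getrandbits(8) for _ in range(n))


SAMPLES = {
    # name: (file bytes, is_malicious)
    "plain_program":    (plain_code(20 * CHUNK), False),
    "clean_w_resource": (plain_code(12 * CHUNK) + encrypted_blob(8 * CHUNK, 1), False),
    "packed_malware":   (plain_code(1 * CHUNK) + encrypted_blob(19 * CHUNK, 2), True),
    "lightly_packed":   (plain_code(5 * CHUNK) + encrypted_blob(15 * CHUNK, 3), True),
}


def evaluate(level: int):
    """Return (true_positives, false_positives) for a level over SAMPLES."""
    tp = fp = 0
    for data, malicious in SAMPLES.values():
        if classify(data, level):
            if malicious:
                tp += 1
            else:
                fp += 1
    return tp, fp


if __name__ == "__main__":
    for name, (data, malicious) in SAMPLES.items():
        print(f"{name:18s} score={crypted_score(data):.2f} malicious={malicious}")
    for level in LEVELS:
        print(f"level {level}: (TP, FP) = {evaluate(level)}")
```

Run as-is, level 1 flags only the fully packed sample (1 true positive, 0 false positives); level 2 also catches the lightly packed one but now reports the clean program that merely carries a large compressed resource (2 true positives, 1 false positive). That is the whole story of the thread in miniature: lowering the bar buys detections and false positives in the same move, and the only way to keep the latter down is the test-and-tune loop Stefan describes.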
  15. Stefan Kurtzhals

    Stefan Kurtzhals AV Expert

    Joined:
    Sep 30, 2003
    Posts:
    702
    BTW, some of the latest malware development includes effective anti-sandboxing / emulation code. They obviously noticed how easily the engines of NOD32, BD, F-PROT6 (and all the others doing behaviour analysis using emulation) can penetrate the old anti-detection measures.
     
  16. GES/POR

    GES/POR Registered Member

    Joined:
    Nov 26, 2006
    Posts:
    1,490
    Location:
    Armacham
    Does this mean that from now on it is no longer effective to have a sandbox?
     
  17. Stefan Kurtzhals

    Stefan Kurtzhals AV Expert

    Joined:
    Sep 30, 2003
    Posts:
    702
    Only very few malware strains use this, the vast majority of malware is "vulnerable" to these detection methods. So at the moment sandboxing/emulation is still very efficient.
     
  18. RejZoR

    RejZoR Lurker

    Joined:
    May 31, 2004
    Posts:
    6,426
    Yeah, at least until all the SDKs are spread among kiddies...
     
  19. Stefan Kurtzhals

    Stefan Kurtzhals AV Expert

    Joined:
    Sep 30, 2003
    Posts:
    702
    A few days ago I was joking with a co-worker about whether there is an Antivirus-Research forum/group. :rolleyes:

    I bet there is one. :eek: :mad:
     
  20. RejZoR

    RejZoR Lurker

    Joined:
    May 31, 2004
    Posts:
    6,426
    Hehe :D Though we can be well sure there is one...
     
  21. doctor IT

    doctor IT Registered Member

    Joined:
    Mar 4, 2006
    Posts:
    30
    I encountered a lot of FP alarms, especially for Nero 7, and one for Skype.exe and also for ole16.dll. It reports that these files contain a signature of W32/Saburex and, for <<ole16.dll>>, W32/Saburex.A.DLL.
     
  22. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,065
    I wonder about the lack of an HTTP scanner being an issue as well.
    lodore
     
  23. doctor IT

    doctor IT Registered Member

    Joined:
    Mar 4, 2006
    Posts:
    30
    My mistake...I really was infected with this virus. Sorry :)
     
  24. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    Nero and Skype are clean,

    maybe the DLL was dodgy though.
     
  25. Stefan Kurtzhals

    Stefan Kurtzhals AV Expert

    Joined:
    Sep 30, 2003
    Posts:
    702
    doctor, was that a virus signature reported on Skype and Nero, or heuristic detections? (HEUR/)
     