anyway, avira is really falling behind on x64 in regards of behavior blocker module. I am waiting to receive my BD antivirus plus. Once it arrives, avira will be gone until they implement Proactiv on x64 windows 8, lol.
I didn't consider relevant to add details because it concerns to beta testers, above all. The star of the show is the new beta engine
If your Behavior Shield is set to Auto-decide (default), I think you will not see any popup alert at all. User can check the statistics counter to see which events were analyzed/blocked.
In the auto-mode, the user does not need to decide anymore if the reported action should be allowed or blocked. However, if malicious action was confirmed by the backend, shouldn't the user get a warning?
To mi knowledge, avast! Behavior Shield does nothing to protect end user unless set to Block or Ask. At least in entire history of its existance, i haven't seen it block anything in Auto-Decide mode. avast! guys say it's not really designed for that but i never really got an answer why it is then even visible to the end user then... With AVIRA, the lack of ProActiv in free version and inability to work under 64bit, made it equaliy useless in my view.
RejZoR, what is the purpose of the Avast BB then? Looks like a non-working feature to me. As I said before, I don't think it is possible to have a real effective BB under 64 bit. The limitations from the OS technically prevent alot of detection sensors. Of course you could try to compensate with user mode hooking, but that is too easy to bypass for the malware. In my opinion, it is possible to compensate a BB with the right cloud detection modules.
Yeah, I was referring to ProActiv and not the product as a whole. I'll edit my previous post for clarity. Sorry about that
Avast! BB only reports suspicious actions/binaries to their backend infrastructure. http://www.youtube.com/watch?v=p5GsCVGnwfE please go directly to "13:00"
@Stefan Kurtzhals you are expert and i am not. But i am confused Some AV vendors always talking about limitations but, some others build nice x64 apps. Zemana was talking about limitation when win7 released. But they are working fine now on win7 x64 Zemana is talking about limitations (win8x64) now But it will working fine, i am sure. https://www.wilderssecurity.com/showpost.php?p=2212772&postcount=49 Zemana is talking but Spyshelter made it. SS running fine in my machine (win8x64). It can dedect loggers/registry acces/driver registering/MBR modification etc. so It isnt impossible. Kaspersky remove their own sandbox(safe run) from KIS (because x64 limitations) but Comodo create their own sandbox and working fine on my win8x64 systems. and the other hand, KIS has good score on matousec; http://www.matousec.com/projects/proactive-security-challenge-64/results.php CIS HIPS is working fine x64 systems and They are planning to make BB. Developing BB harder than HIPS, i dont know. I think x64 and microsot limitations is barrier for AV developers but it looks it is not impossible on the user side. I dont know any BB which is working on x64 systems. But impossible? I dont know.
So just a few updates about Avira for everyone. With the coming of the 2013 version, the free version will now have reduced pop-ups. It will now only happen only once per week. These pop ups actually do a lot of good for Avira, good for at least 10k in conversions a week I am guessing , so they will not completely get rid of it. On the Pro-Activ and 64-bit, the general consensus is that they will not be developing this, but instead be using the Cloud Protection to take the place. Their Cloud Protection is different from anything else out on the market. It is a detection system that does not use VDFs, but instead tests each sample file against thousands of variables, like what it will do when on your system, and if it meets a certain number of criteria, it is flagged as a threat. Any file that is new on your system will automatically be checked with this system if you have Cloud Protection enabled. This is a huge advance, and so far the detection has been great on my computer for unknown malware that standard HIPS or behavioral detection finds.
I didnt see any different things CIS upload all unknown files to their cloud. If file is unknown (Comodo hasnt got file) so it will upload camas. result will return in 3-5 minutes(if camas can dedect it as malware). I read document; http://www.avira.com/en/avira-protection-cloud It looks they dont upload all unknown files only suspicious files. Only different thing is that. But avast/bitdefender/eset is working same method.
I don't like the way avira is pursuing. I'd prefer a local 64bit ProActiv module on my local machine because I don't like all my files being uploaded to the cloud.
Yes and if camas does not detect malicious behavior the file will be staying in partially limited mode forever ... (unless you register to their forums and submit that file's hash).
Yes, this is the answer why cis is not suitable for normal user (in my head) Also you know, some malware can run under limited right. Avira ask before upload files if you configure it. Other AV has one option cloud upload disabled/enabled. So i can say Avira show more respect
Hi Jeff, Avast has run well for me, and although it did not do so well on the Mar 2013 AV-C test I have confidence it it along with MBAM. Avira had a bad period and maybe it is back at the top, but I see no reason to change from either of my AVs shown in my sig. I don't think Avira has a Safe Money module does it? I am not adverse to trying it, but not to the extent I want to remove what I am using until the license expires. I especially like Safe Money, and as long as KIS runs well I will keep it. Avast has a similar capability and I like it as well. Regards, Jerry
