a-squared Anti-Malware 4.0 BETA

Staff from A-Squared advised not to post any screenshots for the time being because the GUI is still undergoing refinement.

 

BG, check your PMs, I think you may have a surprise my friend.

 

The new a-squared Anti-Malware with the Ikarus engine will no run better or worse in combination with other resident guards than the version before.

Let me step into some technical details, why it is 'usually' recommended to NOt run 2 or more guard programs:

Years ago, most Antivirus tools used 2 main components to provide a protection against new infections:

1. OnExecution scans: That means, if the user double-clicks an .exe file, the AV guard scans this file right before it is loaded, and interrupts the program start, if there is something found. This kind of technology is safe, even if more programs use the same techniques (except the hooks are not coded correctly).

2. OnAccess scans: OnAccess means, that every single file that is opened or saved on the harddisk, is scanned. If you have ever started tools like DiskMon, you can see that every second, hundreds of files are accessed. That makes this kind of scan unstable and slows down the system a lot.

Imagine the following scenario to understand what the problem is, when 2 guards run such an onAccess scan:

- A file is opened by let's say Notepad.
- Guard A scans the file. To do this, it has to open the file too.
- This can trigger Guard B to scan the file as well. And yes, it must read the file too.
- This can cause Guard A to scan it again, etc. and we're in a loop that takes 100% system ressources and freezes the computer.


Why doesn't have a-squared this problem?

It uses only an onExecution scan, but no onAccess scan. That does not depend on the number or types of the used scan engines. Even if our guard would use 5 AV scan engines, without an onAccess scanner there would be no conflicts with other resident guards.

 

@emsisoft: Okay, that's good to know And if it indeed does run w/o conflicts then I'll be looking forward to this new version.

 

We've posted some screenshos in the original a-squared Anti-Malware 4.0 Beta announcement:

http://forum.emsisoft.com/Default.aspx?g=posts&t=3529

Please note that these screenshots are not final and subject to change.

 

Not SAS/MBAM

 

Hi

I know Ikarus is very good in detection but I think it has a lot of FPs?

Thanks

 

Hi

Thanks for the explanation! So is on-access scan the only way signature scanners conflict except for bad coding by the vendor?

And both engines will be available in the free version right?

Thanks

 

There are some more possible conflict scenarios. A common one currently is bad programming of hooks and kernel mode drivers that are used for HIPS and Behavior Blockers.

Some programs use 'dirty' hook techniques that may not allow other programs to place similar hooks. That results in software crashes or malfunction.

Yes.

 

I've been impressed with emisoft's programs for awhile now. Mamutu works well and runs lighter than the competition. Good to hear ASAM shouldn't conflict with other AVs.

Will have to give this new one a trial.

 

The website for Ikarus AV is HERE & is in the German language. To download a trial copy, look in the left-hand column & click the link entitled "Demo Lizenz".

As you probably already know, you can have Google translate web pages by using THIS link.

THANKS!!! A wonderful surprise indeed! I had a PM from Mr. Haak and was absolutely delighted to hear from him. He told me that his health problems prevent him from writing new applications or being online very much, but he does regularly monitor the Wilders forum.

My best wishes go out to you, Mr. Andreas Haak. Live long and prosper!

The heuristics of Ikarus can be classed as "aggressive." However, you can set them lower if desired. As you probably know, it is a fact that (at the PRESENT state of technology) the number of false positives generated by a heuristic scanner is roughly proportional to that scanner's aggressiveness in detecting a high percentage of zero-day threats.

Check the March 2008 tests reported on by links at the bottom of THIS blog. The fellow used a grading system (A,B,C etc). For FPs, Ikarus got a "C" along with other AVs such as BitDefender, DrWeb, Kaspersky, VBA32, etc. If you prefer to view raw test data rather than grades, that same blog links to an Excel spreadsheet listing full results.

 

you are welcome my friend. And please folks, quit associating his name with Diamond CS.

 

Hi

I looked at the test again, and Ikarus did get A for both malware and spyware on-demand. But for everything else, False positives(scan of 100,000 files), Performance (scan speed), Proactive detection of new, unknown malware, Response times to new widespread malware, Detection of actively
running rootkits and Remediation (cleaning) of malware infections, it ranged between B and C.

Thanks

 

I have ASAM 4.0 beta running on XP SP2 along side the latest Vipre AV/AS beta and Sunbelt firewall. The A2 real-time shield is enabled (all features turned ON) and so far there haven't been any show-stoppers. I used Mamutu for quite a while previously and didn't have conflicts/compatibility issues (it worked better than ThreatFire for me).

By the way, has anyone installed ASAM 3.5 or 4.0 beta on a system running KAV2009? I wonder if they would get along? Perhaps KAV2009 Proactive Defense would have to be turned Off (?)

 

Im Running A2 4 Beta and it works fine alongside my Main F-Secure AV for Workstations 7, SAS Pro and MBAM (Full version).

It did pick up a few FPs on its first scan (like a FP on Wormguard) - these were all from the Ikarus engine - but I have sorted these with a whitelist.

It is slow on a deep scan - several hours, but appears light with the realtime guard. A2 always did well in tests and now with the new engine running alongside, I would pick it if i had to keep just one of my malware scanners.

I also run SandboxIE, System Safety Monitor and SuperadBlocker (with realtime scanning turned off) and there apear to be no conflicts.

You can also get a free 1 year license for a2 at the moment - see a thread elsewhere in Wilders.

Very pleased with it.