a-squared Anti-Malware 4.0 BETA

Discussion in 'other anti-malware software' started by Chubb, Jul 9, 2008.

Thread Status:
Not open for further replies.
  1. Chubb

    Chubb Registered Member

    Joined:
    Aug 9, 2005
    Posts:
    1,967
    Staff from A-Squared advised not to post any screenshots for the time being because the GUI is still undergoing refinement.
     
  2. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    BG, check your PMs, I think you may have a surprise my friend. ;)
     
  3. emsisoft

    emsisoft Security Expert

    Joined:
    Mar 12, 2004
    Posts:
    320
    Location:
    Nelson, New Zealand
    The new a-squared Anti-Malware with the Ikarus engine will not run better or worse in combination with other resident guards than the version before.

    Let me step into some technical details, why it is 'usually' recommended to NOT run 2 or more guard programs:

    Years ago, most Antivirus tools used 2 main components to provide a protection against new infections:

    1. OnExecution scans: That means, if the user double-clicks an .exe file, the AV guard scans this file right before it is loaded, and interrupts the program start, if there is something found. This kind of technology is safe, even if more programs use the same techniques (except the hooks are not coded correctly).

    2. OnAccess scans: OnAccess means that every single file that is opened or saved on the hard disk is scanned. If you have ever started tools like DiskMon, you can see that every second, hundreds of files are accessed. That makes this kind of scan unstable and slows down the system a lot.

    Imagine the following scenario to understand what the problem is, when 2 guards run such an onAccess scan:

    - A file is opened by let's say Notepad.
    - Guard A scans the file. To do this, it has to open the file too.
    - This can trigger Guard B to scan the file as well. And yes, it must read the file too.
    - This can cause Guard A to scan it again, etc. and we're in a loop that takes 100% system resources and freezes the computer.


    Why doesn't a-squared have this problem?

    It uses only an onExecution scan, but no onAccess scan. That does not depend on the number or types of the used scan engines. Even if our guard would use 5 AV scan engines, without an onAccess scanner there would be no conflicts with other resident guards.
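
    Added example, not part of the thread and not Emsisoft's code: a toy Python event-queue simulation of the scan loop described in the post above, comparing on-access and on-execution guards. The guard names, the event model and the `MAX_EVENTS` cap are assumptions made for illustration.

```python
from collections import deque

MAX_EVENTS = 1000  # constructed cap: stands in for "the computer freezes"


def simulate(guards, first_event, max_events=MAX_EVENTS):
    """Replay file events through a set of resident guards.

    guards: {name: 'on_access' | 'on_execution'} (hypothetical names).
    first_event: (kind, actor) where kind is 'open' or 'exec'.
    Returns (events_processed, looped, scans_per_guard).
    """
    scans = {name: 0 for name in guards}
    queue = deque([first_event])
    processed = 0
    while queue:
        if processed >= max_events:
            # Guards are still triggering each other: the loop from the post.
            return processed, True, scans
        kind, actor = queue.popleft()
        processed += 1
        for name, mode in guards.items():
            if name == actor:
                continue  # a guard does not rescan because of its own read
            # Every guard reacts to a program start; only on-access guards
            # react to a plain file open.
            if kind == "exec" or mode == "on_access":
                scans[name] += 1
                queue.append(("open", name))  # scanning means opening the file
    return processed, False, scans


if __name__ == "__main__":
    cases = [
        ("two on-access guards, Notepad opens a file",
         {"A": "on_access", "B": "on_access"}, ("open", "notepad")),
        ("on-access guard plus on-execution guard, same open",
         {"A": "on_access", "B": "on_execution"}, ("open", "notepad")),
        ("two on-execution guards, user starts an .exe",
         {"A": "on_execution", "B": "on_execution"}, ("exec", "user")),
    ]
    for label, guards, event in cases:
        processed, looped, scans = simulate(guards, event)
        print(f"{label}: events={processed} looped={looped} scans={scans}")
```

    In this model only the pairing of two on-access guards hits the event cap; any combination that includes at most one on-access guard drains the queue after a handful of scans.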
     
  4. lordpake

    lordpake Registered Member

    Joined:
    Aug 7, 2004
    Posts:
    563
    Location:
    Helsinki ~ European Union
    @emsisoft: Okay, that's good to know :) And if it indeed does run w/o conflicts then I'll be looking forward to this new version.
     
  5. emsisoft

    emsisoft Security Expert

    Joined:
    Mar 12, 2004
    Posts:
    320
    Location:
    Nelson, New Zealand
    We've posted some screenshots in the original a-squared Anti-Malware 4.0 Beta announcement:

    http://forum.emsisoft.com/Default.aspx?g=posts&t=3529

    Please note that these screenshots are not final and subject to change.
     
  6. Someone

    Someone Registered Member

    Joined:
    Jan 18, 2008
    Posts:
    1,106
    Not SAS/MBAM o_O
     
  7. Someone

    Someone Registered Member

    Joined:
    Jan 18, 2008
    Posts:
    1,106
    Hi

    I know Ikarus is very good in detection but I think it has a lot of FPs?

    Thanks
     
  8. Someone

    Someone Registered Member

    Joined:
    Jan 18, 2008
    Posts:
    1,106
    Hi

    Thanks for the explanation! So is on-access scan the only way signature scanners conflict except for bad coding by the vendor?

    And both engines will be available in the free version right?

    Thanks
     
  9. emsisoft

    emsisoft Security Expert

    Joined:
    Mar 12, 2004
    Posts:
    320
    Location:
    Nelson, New Zealand
    There are some more possible conflict scenarios. A common one currently is bad programming of hooks and kernel mode drivers that are used for HIPS and Behavior Blockers.

    Some programs use 'dirty' hook techniques that may not allow other programs to place similar hooks. That results in software crashes or malfunction.


    Yes.
     
  10. Saraceno

    Saraceno Registered Member

    Joined:
    Mar 24, 2008
    Posts:
    2,404
    I've been impressed with Emsisoft's programs for a while now. Mamutu works well and runs lighter than the competition. Good to hear ASAM shouldn't conflict with other AVs.

    Will have to give this new one a trial. :thumb:
     
  11. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    7,316
    Location:
    Hawaii
    The website for Ikarus AV is HERE & is in the German language. To download a trial copy, look in the left-hand column & click the link entitled "Demo Lizenz".

    As you probably already know, you can have Google translate web pages by using THIS link.

    THANKS!!! A wonderful surprise indeed! I had a PM from Mr. Haak and was absolutely delighted to hear from him. He told me that his health problems prevent him from writing new applications or being online very much, but he does regularly monitor the Wilders forum.

    My best wishes go out to you, Mr. Andreas Haak. Live long and prosper! :thumb: :thumb: :thumb:

    The heuristics of Ikarus can be classed as "aggressive." However, you can set them lower if desired. As you probably know, it is a fact that (at the PRESENT state of technology) the number of false positives generated by a heuristic scanner is roughly proportional to that scanner's aggressiveness in detecting a high percentage of zero-day threats.

    Check the March 2008 tests reported on by links at the bottom of THIS blog. The fellow used a grading system (A,B,C etc). For FPs, Ikarus got a "C" along with other AVs such as BitDefender, DrWeb, Kaspersky, VBA32, etc. If you prefer to view raw test data rather than grades, that same blog links to an Excel spreadsheet listing full results.
     
    Last edited: Jul 12, 2008
  12. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    You are welcome my friend. And please folks, quit associating his name with Diamond CS.
     
  13. Someone

    Someone Registered Member

    Joined:
    Jan 18, 2008
    Posts:
    1,106
    Hi

    I looked at the test again, and Ikarus did get A for both malware and spyware on-demand. But for everything else, False positives (scan of 100,000 files), Performance (scan speed), Proactive detection of new, unknown malware, Response times to new widespread malware, Detection of actively running rootkits and Remediation (cleaning) of malware infections, it ranged between B and C.

    Thanks
     
  14. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,068
    Location:
    USA
    I have ASAM 4.0 beta running on XP SP2 alongside the latest Vipre AV/AS beta and Sunbelt firewall. The A2 real-time shield is enabled (all features turned ON) and so far there haven't been any show-stoppers. I used Mamutu for quite a while previously and didn't have conflicts/compatibility issues (it worked better than ThreatFire for me).

    By the way, has anyone installed ASAM 3.5 or 4.0 beta on a system running KAV2009? I wonder if they would get along? Perhaps KAV2009 Proactive Defense would have to be turned Off (?)
     
    Last edited: Jul 22, 2008
  15. ChrisP

    ChrisP Suspended Member

    Joined:
    Jun 6, 2003
    Posts:
    447
    Location:
    UK
    I'm running A2 4 Beta and it works fine alongside my Main F-Secure AV for Workstations 7, SAS Pro and MBAM (Full version).

    It did pick up a few FPs on its first scan (like a FP on Wormguard) - these were all from the Ikarus engine - but I have sorted these with a whitelist.

    It is slow on a deep scan - several hours, but appears light with the realtime guard. A2 always did well in tests and now with the new engine running alongside, I would pick it if I had to keep just one of my malware scanners.

    I also run SandboxIE, System Safety Monitor and SuperadBlocker (with realtime scanning turned off) and there appear to be no conflicts.

    You can also get a free 1 year license for a2 at the moment - see a thread elsewhere in Wilders.

    Very pleased with it.
     
    Last edited: Jul 22, 2008