Avast! 8 Beta?

Discussion in 'other anti-virus software' started by Brandonn2010, Oct 18, 2012.

Thread Status:
Not open for further replies.
  1. NSG001

    NSG001 Registered Member

    Joined:
    Jul 14, 2006
    Posts:
    682
    Location:
    Wembley, London
    No specific changelog o_O
     
  2. spywar

    spywar Registered Member

    Joined:
    Oct 23, 2012
    Posts:
    583
    Location:
    Paris
  3. RejZoR

    RejZoR Lurker

    Joined:
    May 31, 2004
    Posts:
    6,426
    Most changes are cosmetic: element dimension changes, new icons and graphics, new fonts. It really looks great now and not like a v7 refresh, it's more like v8 on its own.
     
  4. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    4,564
    Good to hear!
     
  5. anon

    anon Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    6,542
    I did the same.
     
  6. avman1995

    avman1995 Registered Member

    Joined:
    Sep 24, 2012
    Posts:
    900
    Location:
    india
  7. avman1995

    avman1995 Registered Member

    Joined:
    Sep 24, 2012
    Posts:
    900
    Location:
    india
    I seriously don't understand how these fanboys are even allowed to troll MT forums
     
  8. spywar

    spywar Registered Member

    Joined:
    Oct 23, 2012
    Posts:
    583
    Location:
    Paris
  9. RejZoR

    RejZoR Lurker

    Joined:
    May 31, 2004
    Posts:
    6,426
    And how it will perform on real tests like AV-Test and AV-C along with VB100%.
    I am expecting a few false positives but like I always say, a few false positives here and there on non-system files is always better than real malware being missed completely... But we'll see, so far Evo-Gen didn't generate any noticeable false positives...
     
  10. Mops21

    Mops21 Registered Member

    Joined:
    Oct 5, 2010
    Posts:
    2,280
    Location:
    Germany
  11. khanyash

    khanyash Registered Member

    Joined:
    Apr 4, 2011
    Posts:
    2,158
    As Spywar mentioned "To me, this test wasn't very useful .. We only saw web protection against "malc0de links".

    And as I mentioned NetworkShield detection is mostly not detected by FileShield.
     
  12. khanyash

    khanyash Registered Member

    Joined:
    Apr 4, 2011
    Posts:
    2,158
  13. RejZoR

    RejZoR Lurker

    Joined:
    May 31, 2004
    Posts:
    6,426
    Yes and no. Testing with live links pretty much tests all the possible protection vectors offered by avast!. It's a multi-layer design in a single program.

    When you download something it is processed like this:

    1. Network Shield inspects the packet data (for specific exploits like the LSASS exploits and auto blocks them)
    2. Network Shield inspects the URL and compares it to the blacklist (URL:Mal detections)
    3. Web Shield scans the actual transferred files and tests them against the blacklist and inside the code emulator (Abort Connection if detected)
    4. Script Shield inspects the scripts during runtime if any got a clear from the Web Shield
    5. File System Shield performs a FileRep lookup for low reputation of files
    6. If file has very low reputation and is only known as malware it is flagged as FileRepMalware
    7. If file has slightly lower reputation, avast! displays a yellow warning where user can decide if he still wants to download it (happens sometimes for updates of not widely used programs)
    8. If file exhibits low reputation or was downloaded by the user despite the point 7. and also carries other suspicious characteristics it will be executed inside Auto Sandbox.
    9. Special heuristic detections are applied to the file on runtime (SQLSNX, Evo-Gen, MSS, MDE etc).
    10. Behavior Shield is analyzing files behavior and is feeding the info to the rest of the avast! modules/shields
    11. Auto Sandbox pretty much allows the file to run full blown inside sandbox and again monitors all its behavior against ALL the above points (from 1-10) and also monitors the files that get downloaded by the malware inside Auto Sandbox.
    If enough suspicious characteristics are detected it will get flagged as Auto Sandbox detection and marked as Dyna: prefix in the Virus Chest.

    It's a pretty tricky chain of "checkpoints" and this is the reason why I always recommend that users install ALL the shields even if they think they don't need it for whatever reason. Because when you are removing Behavior Shield, Network Shield or other parts you are effectively crippling avast! detection capabilities.
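
The checkpoint chain from the post above, as an added toy model that is not part of the thread and not avast! code. The reputation scale, thresholds, field names and sample downloads are constructed assumptions; only the verdict labels (URL:Mal, Abort Connection, FileRepMalware, Dyna:) come from the post. It shows which samples slip through when one shield is left out.

```python
from dataclasses import dataclass

# Shield names are shorthand for this model only.
ALL_SHIELDS = frozenset({"network", "web", "file", "sandbox"})

@dataclass
class Download:
    name: str
    url_blacklisted: bool = False    # step 2: URL on the blacklist
    content_known_bad: bool = False  # step 3: transferred file matches a detection
    reputation: float = 1.0          # step 5: assumed scale, 0.0 = only known as malware
    suspicious_traits: bool = False  # step 8: other suspicious characteristics
    bad_in_sandbox: bool = False     # step 11: misbehaves when run in Auto Sandbox
    user_continues: bool = True      # step 7: user clicks through the yellow warning

def verdict(d, shields=ALL_SHIELDS):
    """Return the first checkpoint that stops the download, or 'allowed'."""
    if "network" in shields and d.url_blacklisted:
        return "URL:Mal"
    if "web" in shields and d.content_known_bad:
        return "Abort Connection"
    low_rep = False
    if "file" in shields:
        if d.reputation < 0.1:           # assumed threshold for "very low"
            return "FileRepMalware"
        low_rep = d.reputation < 0.5     # assumed threshold for "slightly lower"
        if low_rep and not d.user_continues:
            return "declined at warning"
    # Without the FileRep lookup nothing routes the file into the sandbox.
    if "sandbox" in shields and low_rep and d.suspicious_traits and d.bad_in_sandbox:
        return "Dyna:"
    return "allowed"

# Constructed sample downloads, each caught by a different layer.
SAMPLES = [
    Download("blacklisted-url", url_blacklisted=True),
    Download("known-bad-body", content_known_bad=True),
    Download("known-malware-rep", reputation=0.05),
    Download("new-dropper", reputation=0.3, suspicious_traits=True, bad_in_sandbox=True),
]

def missed(shields):
    """Names of samples that reach the user with the given shields installed."""
    return [d.name for d in SAMPLES if verdict(d, shields) == "allowed"]

if __name__ == "__main__":
    for removed in sorted(ALL_SHIELDS):
        print(f"without {removed}: missed {missed(ALL_SHIELDS - {removed})}")
```
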
     
  14. khanyash

    khanyash Registered Member

    Joined:
    Apr 4, 2011
    Posts:
    2,158

    Point 7. The above bold happens only for external updates i.e when you download updated version separately or it can happen with internal update too i.e when you update within the program & autoupdate?

    Point 8. I tested Avast 8 RC1, whenever I got FileRep popup I downloaded the file & they were detected as Evo-Gen or FileRep by FileShield i.e I got FileRep popup for 8 files & I downloaded them & all the 8 files were detected as Evo-Gen or FileRep Malware by FileShield. Does this mean even if you download them they will be detected by the AV?
     
  15. RejZoR

    RejZoR Lurker

    Joined:
    May 31, 2004
    Posts:
    6,426
    I don't think it matters for as long as the EXE is new. Unless the download has been performed by a signed or whitelisted app (I'm guessing).

    I'm not sure what you want to say with point 8...
     
  16. avman1995

    avman1995 Registered Member

    Joined:
    Sep 24, 2012
    Posts:
    900
    Location:
    india
    That's where my point also lies...In this condition AV-c will just count this directly as user dependent and will not see if file shield detects it with evo-gen...Here is where I am concerned on :'( :'( :p
     
    Last edited: Feb 25, 2013
  17. spywar

    spywar Registered Member

    Joined:
    Oct 23, 2012
    Posts:
    583
    Location:
    Paris
    In fact, FileRepMalware comes from "Malware Similarity Search" so they need to get the sample then analyse it with this system and push the detection through streaming updates ...
    Evo-gen can detect things that have never been seen before (It's pretty good at generic detection).
     
  18. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    4,564
    RejZoR,

    What are the best settings in the Avast firewall in AIS? Looking to get alerted for outbound connections, but nothing too crazy, as it's a family pc. If I am not around they will not know what to do lol.

    Thanks.
     
  19. guest

    guest Guest

    It is good but why is it only for file execution? Why doesn't Avast use Evo-Gen with the on-demand scanner?
     
  20. RejZoR

    RejZoR Lurker

    Joined:
    May 31, 2004
    Posts:
    6,426
    I don't know the exact details, but I'm guessing it only works on-execution (just like behavior detection).
     
  21. spywar

    spywar Registered Member

    Joined:
    Oct 23, 2012
    Posts:
    583
    Location:
    Paris
  22. RejZoR

    RejZoR Lurker

    Joined:
    May 31, 2004
    Posts:
    6,426
    Yeah, well, Vlk didn't exactly explain why, like I also haven't, because I just don't know. But if the reasons are technical that means it works in a similar way as behavior analysis which can only happen on-access.
     
  23. khanyash

    khanyash Registered Member

    Joined:
    Apr 4, 2011
    Posts:
    2,158
    So does it need internet i.e is it cloud related?
     
  24. adrenaline7

    adrenaline7 Registered Member

    Joined:
    Apr 27, 2011
    Posts:
    128
    quality post man, looking forward to installing Avast 8
     
  25. RejZoR

    RejZoR Lurker

    Joined:
    May 31, 2004
    Posts:
    6,426
    Yes, the reputation system stands on cloud foundations so yes, you need an internet connection. Same goes for Streaming Updates. A large portion of avast! will still operate fully even when offline though.
     