Discussion in 'other anti-virus software' started by Brandonn2010, Oct 18, 2012.
No specific changelog
It's quite stable.
Most of the changes are cosmetic: element dimension changes, new icons and graphics, new fonts. It really looks great now and not like a v7 refresh, it's more like v8 on its own.
Good to hear!
I did the same.
Someone on malwaretips doesn't see improvements, especially guest corp and biozfear: http://malwaretips.com/Thread-avast-8-Release-Candidate-1?pid=106451#pid106451
I seriously don't understand how these fanboys are even allowed to troll MT forums.
If they knew the real improvements ... So far it did a perfect job on all tests ... Let's see how it does on the official test now ...
And how it will perform on real tests like AV-Test and AV-C along with VB100%.
I am expecting few false positives but like I always say, few false positives here and there on non system files is always better than a real malware being missed completely... But we'll see, so far Evo-Gen didn't generate any noticeable false positives...
avast! Free Antivirus 8.0.1480 RC2
As Spywar mentioned, "To me, this test wasn't very useful... We only saw web protection against 'malc0de links'."
And as I mentioned NetworkShield detection is mostly not detected by FileShield.
Are the paid features still there in the free version in RC2?
And I think the FileRep popup is big, it should be a little smaller.
Yes and no. Testing with live links pretty much tests all the possible protection vectors offered by avast!. It's a multi-layer design in a single program.
When you download something it is processed like this:
1. Network Shield inspects the packet data (for specific exploits like the LSASS exploits and auto blocks them)
2. Network Shield inspects the URL and compares it to the blacklist (URL:Mal detections)
3. Web Shield scans the actual transferred files and tests them against the blacklist and inside the code emulator (Abort Connection if detected)
4. Script Shield inspects the scripts during runtime if any got a clear from the Web Shield
5. File System Shield performs a FileRep lookup for low reputation of files
6. If file has very low reputation and is only known as malware it is flagged as FileRepMalware
7. If file has slightly lower reputation, avast! displays a yellow warning where user can decide if he still wants to download it (happens sometimes for updates of not widely used programs)
8. If file exhibits low reputation or was downloaded by the user despite the point 7. and also carries other suspicious characteristics it will be executed inside Auto Sandbox.
9. Special heuristic detections are applied to the file on runtime (SQLSNX, Evo-Gen, MSS, MDE etc).
10. Behavior Shield is analyzing the file's behavior and is feeding the info to the rest of the avast! modules/shields
11. Auto Sandbox pretty much allows the file to run full blown inside sandbox and again monitors all its behavior against ALL the above points (from 1-10) and also monitors the files that get downloaded by the malware inside Auto Sandbox.
If enough suspicious characteristics are detected it will get flagged as Auto Sandbox detection and marked as Dyna: prefix in the Virus Chest.
It's a pretty tricky chain of "checkpoints" and this is the reason why I always recommend that users install ALL the shields even if they think they don't need it for whatever reason. Because when you are removing Behavior Shield, Network Shield or other parts you are effectively crippling avast! detection capabilities.
Point 7. The above bold happens only for external updates i.e when you download updated version separately or it can happen with internal update too i.e when you update within the program & autoupdate?
Point 8. I tested Avast 8 RC1, whenever I got FileRep popup I downloaded the file & they were detected as Evo-Gen or FileRep by FileShield i.e I got FileRep popup for 8 files & I downloaded them & all the 8 files were detected as Evo-Gen or FileRep Malware by FileShield. Does this mean even if you download them they will be detected by the AV?
I don't think it matters for as long as the EXE is new. Unless the download has been performed by a signed or whitelisted app (I'm guessing).
I'm not sure what you want to say with point 8...
That's where my point also lies... In this condition AV-C will just count this directly as user dependent and will not see if file shield detects it with Evo-Gen... Here is where I am concerned.
In fact, FileRepMalware comes from "Malware Similarity Search" so they need to get the sample then analyse it with this system and push the detection through streaming updates ...
Evo-gen can detect things that have never been seen before (It's pretty good at generic detection).
What are the best settings in the Avast firewall in AIS? Looking to get alerted for outbound connections, but nothing too crazy, as it's a family PC. If I am not around they will not know what to do lol.
It is good but why is it for only file execute? Why doesn't Avast use Evo-Gen with the on-demand scanner?
I don't know the exact details, but I'm guessing it only works on-execution (just like behavior detection).
Here is the response
Yeah, well, Vlk didn't exactly explain why like I also haven't because I just don't know. But if the reasons are technical that means it works in a similar way as behavior analysis which can only happen on-access.
So does it need internet i.e is it cloud related?
quality post man, looking forward to installing Avast 8
Yes, the reputation system stands on cloud foundations so yes, you need an internet connection. Same goes for Streaming Updates. A large portion of avast! will still operate fully even when offline though.