avg heuristics

Discussion in 'other anti-virus software' started by waters, Dec 12, 2006.

Thread Status:
Not open for further replies.
  1. waters

    waters Registered Member

    Joined:
    Nov 8, 2004
    Posts:
    934
    Hi, how good are they now? Were they improved with 7.5, and if so, how do they compare?
    Thanks
     
  2. ASpace

    ASpace Guest

    Honestly, they are poor. They have never been good. Even the latest AV-Comparatives.org test proves that.
     
  3. eBBox

    eBBox Registered Member

    Joined:
    Aug 10, 2006
    Posts:
    482
    Location:
    Aalborg, Denmark
    As far as I know, the latest AV-Comparatives test didn't test the 7.5 version, which is way better than the 7.1 last tested. :rolleyes:
     
  4. Londonbeat

    Londonbeat Registered Member

    Joined:
    Sep 21, 2006
    Posts:
    350
    If they've never been tested, then how do you know they are 'way better'?
     
  5. duke1959

    duke1959 Very Frequent Poster

    Joined:
    Jul 21, 2006
    Posts:
    1,238
    We won't know until next year's AV-Comparatives, but I am personally hoping Grisoft is right about it.
     
  6. ASpace

    ASpace Guest

    :thumb:

    Waiting for the next AV-Comparatives
     
  7. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    7,927
    Location:
    The land of no identity :D
    I can't say it's "way better", but indeed it is better. It probably won't be anywhere near NOD32 at the AV-Comparatives proactive test though. AVG's heuristics are based on a sandbox, and though some detections appear as heuristics, it seems they are not, because Grisoft doesn't always add signatures for such detections. Based on Grisoft's treatment of files detected by heuristics, and on personal experience (as well as some small snippets from support), I came to the conclusion below. You will find 3 types of heuristic detections from AVG:

    1) "Could be infected..." detections: These are a kind of variant detection ability. Not sure if it can be counted as heuristic, but they serve as detecting new strains/modifications of an existing malware.

    2) "Suspicion: <Malware Type>" detections: These are heuristic detections in the normal sense, detected by the suspicious behaviour of files not linked particularly to any other malware. This is the kind of detection which should be sent for further analysis to Grisoft.

    3) "May be infected by unknown virus ...." detections: These are a kind of generic detections which base their detection on the behaviour of the malware which pertains to specific malware category (HackTool.XXXX, Riskware.XXXX, Exploit.XXXX, Worm.XXXX, Virus.X etc.)

    4) Also there is Ewido's heuristics engine, but rarely have I seen this in action. How effective this is I do not know.

    I could be wrong in the above theory, but from what I've seen while sending such files to Grisoft, only the "suspicion:" detections seem to require analysis (and signatures are added only for these "suspicion" detections). AVG's heuristics is still not all that clear to me though, but with time I hope to find out more. :)
     
  8. MalwareDie

    MalwareDie Registered Member

    Joined:
    Dec 8, 2006
    Posts:
    500
    AVG has always had poor heuristics. The Ewido engine may strengthen the heuristics in AVG AM, but I am not that sure. I wouldn't count on AVG Pro or Free having very good heuristics.
     
  9. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    7,927
    Location:
    The land of no identity :D
    But I think the improvements in AVG 7.5 are at least enough to make AVG pass the retrospective tests this time. :)

    I do not expect the heuristics engine to be very good, mainly because Grisoft has been focusing on other things such as Anti-Rootkit technology and polymorphic detection (Almost every recent program update for AVG has had "Improved polymorphic virus detection" in its changelog).
     