AVG Purchases Behavioral Detection Technology to Bolster Anti-Virus Defenses

Discussion in 'other anti-malware software' started by Pedro, Jan 13, 2009.

Thread Status:
Not open for further replies.
  1. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
  2. jeremy_pickett

    jeremy_pickett Registered Member

    Joined:
    Apr 21, 2008
    Posts:
    11
  3. vijayind

    vijayind Registered Member

    Joined:
    Aug 9, 2008
    Posts:
    1,413
    Re: Sana Security has been acquired

    Hmmm... So no more Norton AntiBot, I guess ;)
    Symantec will just have to rebundle Threatfire...

    But this is a positive note. Hopefully, they will preserve Sana.
     
  4. andyman35

    andyman35 Registered Member

    Joined:
    Nov 2, 2007
    Posts:
    2,336
    Re: Sana Security has been acquired

    It could spell the end of Threatfire free though on a negative note.:doubt:
     
  5. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753
    Re: Sana Security has been acquired

    True... :'(
     
  6. GES/POR

    GES/POR Registered Member

    Joined:
    Nov 26, 2006
    Posts:
    1,490
    Location:
    Armacham
    Quote:
    “At the same time, AVG will continue to maintain low PC resource utilization for optimal system performance, a critical requirement both for the individual at home and for the business user,” said J.R. Smith, CEO of AVG Technologies.
    Who is he kidding? The fat getting fatter :cautious:
     
  7. progress

    progress Guest

    Very nice technology :p AVG is getting better and better ...
     
  8. JRViejo

    JRViejo Global Moderator

    Joined:
    Jul 9, 2008
    Posts:
    20,950
    Location:
    U.S.A.
    IMO, if the prior acquisition of Exploit Prevention Labs is indicative of what to expect from AVG in the near future, as they add Sana Security's technology to their product line, it will not be a smooth transition at all.

    Let's hope that AVG learned their lesson with LinkScanner and really test the new incarnation, before releasing it to the public.
     
  9. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Well,

    Now there are three

    - A2 Malware = fully integrated AV + AS/AT + BB
    - Norton end of 2009 = Norton 360 with TF technology
    - AVG end of 2009 = AVG + PRSC

    Avast has announced behavioral blocking in V5

    So what are the others going to do?
     
  10. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    Same thing :thumb:
    By the way, Avast already has a BB ;)
     
  11. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    What do you mean the mail thingie or the ancient blocker in the standard shield :D
     
  12. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    The ancient blocker :D
     
  13. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    Well, I don't really need all these BB + AV integrated products coming out. Avira's heuristics do a wonderful job at getting the unknowns and make up for the BB, IMO. Besides, that's why I have CIS and Mamutu :D
     
  14. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,633
    Location:
    U.S.A. (South)
    I agree :thumb:
     
  15. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    I agree, I also love those two :thumb:
     
  16. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Well guys,

    Two observations

    A) Avira's advanced heuristics of the V9 engine will probably deal with 85% of the zero day threats

    B) ThreatFire and A2 Malware are examples of excellent combis (AV + BB), of which A2 has the best detection ratio. I have tested TF against Malware Defender, and the only intrusions on which a behaviour blocker currently does a worse job than a classical HIPS are:
    - CPU/disk load (then again, nothing is as light as Malware Defender)
    - Intercepting/simulating API calls like SSS does (these are considered normal operations)
    - Dealing with messages (which is a quite normal manner of inter-program communication) as a staged intrusion

    C) Behavior blocking is a splendid way to make your AV more effective. Currently AVs have to balance between deep scanning and performance. When a BB notices an intrusion, it immediately jump-starts the blacklist engine to check whether it is known malware (ThreatFire does so). Because the AV is triggered on exceptions and not on everyday normal operations, the heuristics/packer handling can be very thorough. This in itself increases the effectiveness of an AV (blacklist).

    Cheers

    D) Future trends will combine blacklist, behaviour analysis and virtualisation, i
     
  17. Someone

    Someone Registered Member

    Joined:
    Jan 18, 2008
    Posts:
    1,106
    What percentage of zero day threats does an average AV detect?

    Thanks
     
  18. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Hard to tell. Kaspersky also has a high percentage, somewhere between 0 and 75 percent.
     
  19. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    That's only because Kaspersky has some sort of HIPS built in, though.
     
  20. Someone

    Someone Registered Member

    Joined:
    Jan 18, 2008
    Posts:
    1,106
    I'm a bit confused because I saw in the AV-Comparatives ProActive Test report that they said "If the anti-virus software is always kept up-to-date, it will be able to detect more samples. For understanding how the detection rates of the Anti-Virus products look with updated signatures and programs, have a look at our regular on-demand detection tests." This makes it sound like AVs regularly have 90%+ detection in the real world, but I thought this wasn't the case.
     
  21. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Someone,

    Most AVs have a detection rate of over 90% (some even 99%) when confronted with older malware. Detection of new malware (whose fingerprint is not in the blacklist database yet) has a lower detection rate.

    AVs with some HIPS built in, like Kaspersky, are able to tackle 75% of them. Avira with its old heuristics manages somewhere between 70 and 75 percent detection (so these are new malware samples). Avira V9 will have new Advanced/Active heuristics, which I have tested. It wiped out nearly 85 percent of the new malware. So most AV vendors seem to add HIPS or behavioral blocking to their defense, while Avira is perfecting the heuristics approach (and achieving better results than other AVs).

    Most competitors are not able to detect more than 20 - 50 percent with heuristics. So Avira has a secret trick which makes them stand out.
     
  22. vijayind

    vijayind Registered Member

    Joined:
    Aug 9, 2008
    Posts:
    1,413
    Maybe 90% detection on the virus list. But when in-the-wild samples are used, most scanners corner about 30-40% detection. The stellar ones can get 50+% detection, but never 90%. That's why you need more.
     
  23. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Zero day, in the wild, zoo catalog

    A- Birth of Malware -B- First infection -C- First detection -D- Vaccine creation -E- Cure listed -F- Cure downloaded -G- OLD remedies -H

    B through D often called "zero day"
    C through F often called "in the wild"
    E through G also called "virus list"
    F through H also called "zoo"

    So detection rates vary on the definition used

    Cheers

    Kees
     
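The lifecycle stages and windows from Kees1958's post, worked through as an added example (not from the thread): the same scanner, run over the same constructed sample set, yields a different "detection rate" depending on which window you count. The detection model is an assumption for illustration: a signature exists once a sample has reached stage E (cure listed), and some samples are additionally caught by a heuristic flag.

```python
from dataclasses import dataclass

# Stage letters as used in the post: A birth ... H old remedies.
STAGE_ORDER = "ABCDEFGH"

# Windows exactly as the post defines them (inclusive, start..end).
WINDOWS = {
    "zero day": ("B", "D"),
    "in the wild": ("C", "F"),
    "virus list": ("E", "G"),
    "zoo": ("F", "H"),
}

SIGNATURE_STAGE = "E"  # assumption: blacklist entry exists from "cure listed" onward


@dataclass(frozen=True)
class Sample:
    name: str
    stage: str        # lifecycle stage the sample is in at test time
    heuristic: bool   # constructed: would the scanner's heuristics flag it?


def is_detected(sample: Sample) -> bool:
    """Signature hit once the sample reached stage E, otherwise heuristics only."""
    has_signature = STAGE_ORDER.index(sample.stage) >= STAGE_ORDER.index(SIGNATURE_STAGE)
    return has_signature or sample.heuristic


def in_window(stage: str, window: str) -> bool:
    lo, hi = WINDOWS[window]
    return STAGE_ORDER.index(lo) <= STAGE_ORDER.index(stage) <= STAGE_ORDER.index(hi)


def detection_rate(samples, window: str) -> int:
    """Percent of samples inside `window` that the scanner detects (rounded)."""
    pool = [s for s in samples if in_window(s.stage, window)]
    return round(100 * sum(is_detected(s) for s in pool) / len(pool))


# Constructed test set, one sample per stage plus extras in the early window.
SAMPLES = [
    Sample("s1", "B", True), Sample("s2", "B", False),
    Sample("s3", "C", True), Sample("s4", "D", False),
    Sample("s5", "E", False), Sample("s6", "F", True),
    Sample("s7", "G", False), Sample("s8", "H", False),
]

if __name__ == "__main__":
    for w in WINDOWS:
        print(f"{w:12s} {detection_rate(SAMPLES, w)}%")
```

Running it prints 50% for "zero day", 75% for "in the wild" and 100% for both "virus list" and "zoo": one scanner, four headline numbers.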
  24. raven211

    raven211 Registered Member

    Joined:
    May 4, 2005
    Posts:
    2,567
    Well, about Symantec and Anti-Bot... how does it work when they're supposedly having this technology implemented and continually enhanced now in their SONAR-component (while seemingly not quite as effective as the stand-alone application even if stated as such and even better by Symantec and their "testing" - as seen in a topic during the NIS/NAV09 beta-period where a user was infected by malware crashing his RPC-service and NIS would not detect it, installing Anti-Bot and it was)?
     
  25. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    Didn't AVG buy some script company last year, and how has that made them better? It sure as hell hasn't, from what I see. I am getting really pissed about what the real motive is of some larger corps buying out the small fish. Is it really to enhance their products or to shut them up? This doesn't just apply to AVG.
    Show me one instance where a large vendor bought a small one and made it worthwhile to the consumer. And please, don't use Comodo as an example.

    I mean, if I really wanted to build a product that would sell and crush the rest, it would be one that has a solid firewall, an AV like Avira, would offer Tzuk 2 million for Sandboxie, would offer Ilya 2 million for DefenseWall and throw in some bucks for AntiSpamSniper for my antispam. It is simple if I have the money and the common sense to leave each module as is. Ugh!!
     