Discussion in 'other anti-virus software' started by waters, May 13, 2009.
Does anyone have any idea when a Vista compatible beta will be released?
This link is the forum for Avira about ProActive Beta
When will it go out of beta?
The testers have no idea what time; "patience" is the watchword here.
Re: Avira AntiVir ProActiv
EDIT out of topic
hi go go go avira
so any news on this? been pretty quiet.
Wow, it is the most quiet Beta testing I have ever seen... can anyone update me as I wasn't accepted to test the project?
It's been just as quiet for the testers, everyone wants to get on with the show. Just in a wee bit of an intermission is all, it might be a good time to sign up to be a beta tester at this address..
Can anyone shed any light on the difference between the heuristic detection and this new behavioural detection, Proactive? How different are these two techniques?
Behavioral detection has its set of rules and, if triggered, it pops an alert, like a traditional HIPS but with rules that are more specific to be triggered.
To put it very simply, the heuristics check the code of a given file for similarities with known malware and, depending upon what type of heuristics is used, attempt to determine what said code will do.
A behaviour blocker differs in that it analyses what actions a file will perform and uses a pre-determined scale to weigh up if it's malicious or not. It doesn't require any signatures to compare the file against. A BB should be better able to discover an entirely new strain of malware than heuristics, which are for variants of existing known threats.
Thank you very much for your quick replies
Is somebody sure that "AntiVir ProActive" is going to be released like a stand-alone product? I mean without AV guard and all this.
As far as I know ProActive will only be a component of AntiVir + Security Suite, not a 'Threatfire like' standalone product, unless somebody knows different.
Heuristics- In the context of anti-virus software, heuristic detection is generic detection designed to detect new &/or "morphed" &/or previously unseen malware.
++Heuristic scanning methods often involve emulating the given file's activities in a virtual sandbox.
++Because heuristic detection is rather generic, it is prone to false positives.
GENERALLY speaking (& subject to debate)...
++Great emulators make for great heuristics, but they can slow things down.
++Fewer & fewer FPs make for happier users BUT sustaining heuristic effectiveness while cutting the incidence of FPs is bloody difficult (so I am told).
+++Or - as Grandma used to say, "Heur today, gone tomorrow."
Behavior Blockers (BB)
BB are a class of controls that block hostile operations from executing on a host, such as a command that attempts to write to the boot sector. BB monitor and profile whole program behavior. When a collection of behaviors tips the scale in the direction of *suspicious*, then the BB blocker will (depending on configuration) alert the user or take action against the entire program based on pre-defined criteria.
BB do not care what the motive of the program is, they block *suspicious things* from happening. Airport Security is somewhat analogous to a BB. It doesn't matter to an Airport Security Guard if a person is the best surgeon in the world, that surgeon will not be permitted to take a scalpel onto an airplane.
By the same token, BB do not generally care what the program is. If that program's behavior crosses the threshold & becomes *suspicious*, the BB will block it. If the BB is set to automatically block programs from doing *suspicious actions* then some *bad* programs will be blocked, BUT some good programs might also be blocked (FP).
Ergo, many BB will ask you a lot of questions (via pop-ups) for at least several or more days after they are first enabled. If you wish to use the BB effectively, you will OFTEN need to decide...
++When to say YES (tell the BB that a given program's *suspicious* action should be allowed), and
++When to say NO (tell the BB that the given program's *suspicious* action should NOT be allowed).
++These decisions require that you know a good bit about computers -- OR that you be willing to do research and learn.
++If -- when in doubt -- you usually fall back on telling the BB YES all the time, then your BB will not be much help to you. Moreover, you will almost certainly disable the BB after a relatively short time.
A good heuristics program, and a good BB program, must move forward or backward. They cannot stand still. What I mean is this -- despite the fact that these types of protective softwares are "signature free", they cannot truly be "update free" or they will shortly be defeated by malware.
Why? Because some of the *bad guys* will study & learn the rules used by troublesome (to them) heuristic & BB software, and will start writing malware which circumvents them (&/or shuts them down). Then the *good guys* will update their heuristics & BB, and reissue their software. Then the *bad guys* will update again. Then the *good guys* will update again -- and so it goes, & keeps on going.
"Round & round she goes! Where she stops? Nobody knows." Wheeee
It's a giant chess match -- which is what keeps me coming back to Wilders. I looove watching the game & trying to understand more about it.
Maybe you like the game, too, huh? If so, bend over & grab both your ankles --- "The game's afoot!"
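The weighted-scale model described in the post above, sketched as an added example that is not part of the original thread or of any vendor's product: each observed action adds to a per-program score, the blocker intervenes at a threshold, and user YES answers create exceptions. The action names, weights, threshold and program names are all constructed for illustration.

```python
from dataclasses import dataclass, field

# Constructed rule weights (assumption): higher means more suspicious.
WEIGHTS = {
    "write_boot_sector": 60,
    "inject_remote_thread": 40,
    "modify_autorun_key": 25,
    "open_network_socket": 5,
    "write_own_appdata": 0,
}
THRESHOLD = 60  # constructed score at which the blocker intervenes

@dataclass
class BehaviorBlocker:
    allowed: set = field(default_factory=set)   # (program, action) pairs answered YES
    scores: dict = field(default_factory=dict)  # running score per program

    def user_says_yes(self, program, action):
        self.allowed.add((program, action))

    def observe(self, program, action):
        """Return 'block' once a program's accumulated score reaches THRESHOLD."""
        if (program, action) in self.allowed:
            return "allow"  # an allowed action no longer counts toward the score
        self.scores[program] = self.scores.get(program, 0) + WEIGHTS.get(action, 0)
        return "block" if self.scores[program] >= THRESHOLD else "allow"

def replay(blocker, events):
    """Feed events to the blocker; return the set of programs it blocked."""
    blocked = set()
    for program, action in events:
        if program not in blocked and blocker.observe(program, action) == "block":
            blocked.add(program)
    return blocked

# Constructed event stream: a dropper-like program, a legitimate disk imaging
# tool that must write the boot sector, and an ordinary editor.
EVENTS = [
    ("dropper.exe", "open_network_socket"),
    ("notepad.exe", "write_own_appdata"),
    ("dropper.exe", "modify_autorun_key"),
    ("diskimager.exe", "write_boot_sector"),
    ("dropper.exe", "inject_remote_thread"),
]

def tuned_blocker():
    bb = BehaviorBlocker()
    bb.user_says_yes("diskimager.exe", "write_boot_sector")  # informed exception
    return bb

def yes_to_everything_blocker():
    bb = BehaviorBlocker()
    for program, action in EVENTS:
        bb.user_says_yes(program, action)  # the "always click YES" habit
    return bb
```

Replaying `EVENTS` through a fresh blocker flags both the dropper and the imaging tool (the false positive), the tuned blocker flags only the dropper, and the yes-to-everything blocker flags nothing.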
I didn't realize that this was required to "get into the game". lol
Re: Avira AntiVir ProActiv
What's going on?
Re: Avira AntiVir ProActiv
we'll see if the free version will have proactiv in the final release.
but for now it seems that it will not be in it.
Thank you Leo, will the nag screen be continued?
Just a suggestion to the Avira staff (if they are watching) instead of a full screen popup make a popup like the Malware block alert and just put Upgrade to Avira PRO and get enhanced protection or something like that. I see no reason why it has to be full screen.
It is rather large isn't it, it's meant to be.. patience guys it is free remember, well not absolutely free, grab a magazine to read.. as a tester we put our machines on the line for John Q. Public..