Avira engine update

This is the version number of the new engine:
AV7 7.9.6.2 / AV8-10 8.2.6.2


The following changes were done:

- Added: Detection for embedded flash objects in Microsoft Office Documents
- Updated: Improved detection of exploits for Microsoft Office Documents

 

Cool beans.

 

Nothing too exciting.

Will be much more interesting when you can read "- Added NV AI detection" in the changelog.

But I wonder when that will be...

At least I was able to detect the recent, hm, addition to Avira as TR/Trash.Gen - thanks to the help of FileAssassin.

 

@stefan: When I read your last posts 'bout Avira I'm wondering: Have you left?

 

yep too suspicious

 

no he hasnt.

 

Artificial Intelligence

The need for a new paradigm for defense
Instead of being adaptive, defense is purely reactive. In most cases it involves or essentially
consists in limiting or foregoing some functionality. When a new attack has been
discovered, more often than not the “security” solution consists in reducing the
functionality. One major reason to turn toward AI, is to put an end at the present situation.
The move from DNS to DNSSEC illustrates somewhat the problem with the present
approach. It has improved the security of the internet. But the cost is a complicated system
of keys, whose renewal opens the door for scenarios of failures, which did not exist before.
With DNSSEC the internet is less vulnerable to malicious exploitations of the weaknesses of
the DNS system, but the use of a cumbersome system of authentication for all the servers
involved does not make it more reliable.
The world of web applications is growing fast in importance and size, but in parallel it raises
increasing concerns about security, which will not be solved adequately within the present
paradigm of defense.
Same Origin Policy (SOP) is another example of the “old-fashioned" approach to
cybersecurity. SOP (a policy adopted by most browsers) was designed to prevent the
possibility that scripts originating from other than one site can be run on a web site
(admittedly this has potentially dangerous consequences). Not only attacks such CSRF show
that it is possible to circumvent the same origin policy, but that policy blocks other
functionalities, which could be useful. In the words of Douglas Crockford: “[The Same
Origin Policy] allows dangerous things while preventing useful ones”. The way out of that
dilemma may lie in a much more intelligent defense.
In the case of CSRF, the proposed defenses are either in the website (alerting the system
administrator that the website in its present design allows CSRF attacks) or in the client side.
Typically the solutions suggested either reduce the functionality of the website, changes the
protocol of trusted session by requiring more authentication, or (as is the case with request
rodeo) offers a tool which limits partially the access to websites from the clients. In other
Intrusion Detection Systems
32
words, the solutions tend to make the protocols safer by making them more cumbersome
and the protection often involves a reduction of functionality, i.e. it goes exactly against the
logic, which underlies the success of the internet.
What and AI-based approach potentially offer is a way to address the multiple threats
associated with cybersecurity, without having to rely on an increasing list of changing rules
or security procedures for diagnostic and recovery procedures. If security tools were expert
systems, which could not be abused as easily, the situation would be very different. Ideally
they would understand what users are trying to do and make sure that this is what is
happening. They would develop a sense of “situational awareness”, from which they would
be able to tell malicious activity from legitimate ones. They would be able to make context
dependent determinations.
b. Prospects of AI in cybersecurity
If AI means introducing intelligence in an automated system, there is no doubt that the
future of cybersecurity lies in AI. But AI is at the same time an advanced field and at a very
early stage of development.
The limits of the possible with AI are not known. The limits of the capabilities of AI are a
moving frontier. In a “post biological intelligence” world (P. Davies, 2010), the division
between natural and artificial intelligence will be blurred.
We are still far away from that world, but it is not too early to envision it. And the question
is how should AI be introduced in the world of cybersecurity with maximum effect in the
short term. Should we have a vision of AI-based cybersecurity as a cyber-equivalent of what
happen with the immune system during biological evolution? I.e. of the creation over time
of a large and complex organ inseparable from the rest of the organism? Should the first
phase attempt to build the equivalent of a rudimentary immune system, with the vision of
an eventual large and sophisticated one? Or should the search be more random and based
on trying to introduce more intelligence in security tool whenever possible and wherever
possible? In fact the two approaches differ only on paper. The immune system must have
developed out of a random search as we are told the rest of biological evolution, leading in
the long run to high levels of organization.
To what extent does AI in its present state provide a framework to start building such a
system? It is impossible and not useful here to try and describe a field like AI. On the one
hand it is a large body of academic knowledge (Russel and Novig 2003). When it comes to
its applications, it looks more like a vast and fragmented field. Through expert systems AI
has found applications in numerous fields from medical diagnosis to helping manufacture
to finance management to fault analysis to advanced optimization, and to a too limited
extent to cybersecurity.
Of the many techniques used in AI, when it comes to anomaly-based intrusion detection the
techniques, which seem the most natural are either “statistics” based (Mitchell 1997) or
“knowledge-based”(Kerkar and Srinivas 2009).
The whole area of machine learning tends to make heavy use of statistics. The a priori caveat
with that kind of approach in the context of intrusion detection is the possibility that the
problem (or curse) with false positive re-emerges. If it is possible to set-up the system in
such a way it can “reason” probabilistically (Pearl 198 about events along the lines of the
iterative Bayesian updating described previously, this problem may turn out manageable.
Statistically based machine learning traditionally needs huge amount of data. This may turn
problematic in many situations of interest for intrusion detection.

 

I am still there.

NV isn't such a great name. I would have named it Zoe. I like track 17 from the Caprica OST. Zoe awakens.

 

My wife's name is Zoe. She is sleeping now, but she will awaken in the morning.

(We really liked BSG and the prequels, too.)

 

For those who are interested in the full text

Pdf: http://www.intechopen.com/source/pd...ion_detection_and_artificial_intelligence.pdf

 

Nice & better than stupid copy&paste without source!

 

Damn thing nagged me every minute, so I've ended the process.

 

Looks like AVIRA is slowly sinking into forgotten lands. No buzz around it, no amazing scores, ppl losing interest in it, staff that doesn't seem to have much inetrest in it either since their management is all messed up. They need to get things rollin', otherwise they'll sink the company...

 

+1

 

Well, you should rejoice at this prospect, Avast can only benefit from it. If I were you I'd be careful about your predictions under your breath, a company with a 100 million+ membership doesn't sink so easily.

 

Agree. The long term users of Avira are not going anywhere untill the protection becomes real bad. Just do not see this happening. I have Beta tested all the new AV software and am happy to be back with Avira.

 

100 million free users don't really mean anything... and even if they don't sink right now, they will next year since there won't be enough subscribers...

 

I agree... I think they're on their way down...

 

Maybe Avira is currently being managed by the same people that crashed the Greece economy

 

No...it is definitely Symantec. Look at what happened to PCTools.

I feel bad for Avira though.

 

It only gets better.

http://www.avira.com/en/avira-searchfree-toolbar

Anybody here know what the privacy policy of Ask.com is.

http://sp.ask.com/en/docs/about/privacy.shtml

 

I hate to disagree with Kerodo, since I've known him on this forum for so long, but I don't think Avira is going anywhere. I've changed my mind set about this Ask toolbar thing and it's a non-issue. Norton includes it, other companies do as well. FYI, they've changed the AntiVir Personal 10 SP2 update to not having the toolbar and make Ask your preferred search engine checked now. That is a step in the right direction IMO. Everyone flubs up every once in a while but that doesn't mean you can't recover from it or they're down for the count.

Later...

Bob

 

Opinion makers at Wilders have no impact whatsoever in the big picture, this is no television reaching millions simultaneously. Besides if 100 million mean nothing for Avira then the tide could turn all of a sudden for Avast too. I personally don't give a damn if they go bust (good for you though) but why suddenly is Avira becoming a disastrous company here at Wilders it's a bit of a mystery.

 

I hope you're right Trespasser.....

 

It could affect avast! just as well. But for now they aren't making any idiotic decisions like AVIRA does... besides, i have no wish for AVIRA to go bust even though i'm in the avast! camp. Competition is healthy and AVIRA was one tough competition. With emphasis on "was"...