Avira, its cloud and uploading of filenames ?

Discussion in 'other anti-virus software' started by Fly, Dec 18, 2013.

Thread Status:
Not open for further replies.
  1. Fly

    Fly Registered Member

    Joined:
    Nov 1, 2007
    Posts:
    2,069
    This has probably been discussed in the past. However, past situations don't necessarily properly represent the present !

    I have two main questions (paid products only):

    - is it possible to avoid using the cloud part of the AV, and if so, how effective will the AV/suite be under those conditions ? I never get infected, but if it doesn't work properly there is no point in using it !

    - does the product upload filenames/paths ?
     
  2. Inside Out

    Inside Out Registered Member

    Joined:
    Sep 17, 2013
    Posts:
    421
    Location:
    Pangea
    Create firewall rules to block their cloud servers.
    The 2013 version without APC did horrible in the real world test, so not that much.
     
    Last edited: Dec 18, 2013
  3. Taliscicero

    Taliscicero Registered Member

    Joined:
    Feb 7, 2008
    Posts:
    1,439
    Lol, don't listen to this guy. You can't disable the cloud functionality without severely lowering the protection offered by the product. Why even bother using it? You can block the servers with the firewall, but have fun not getting your normal signature updates also.
     
  4. Inside Out

    Inside Out Registered Member

    Joined:
    Sep 17, 2013
    Posts:
    421
    Location:
    Pangea
    I've already said that. But if he wants it, why not tell how to? Don't get me wrong, no offense to anyone, but no one here always makes purely "rational" AV choices and that's perfectly fine. Although I doubt the OP will or should stick with it for long anyway, he can try it out for some time.
    Maybe I'm missing something, but aren't cloud analysis servers and update servers supposed to be different?
     
    Last edited: Dec 18, 2013
  5. Taliscicero

    Taliscicero Registered Member

    Joined:
    Feb 7, 2008
    Posts:
    1,439
    Many company's use location routes or servers close to the users around the globe, many keep cloud and download signatures in the same servers for convenience and even if it was not so, if you blocked a cloud data server the program would realize and default to another one second closest. Hence its kinda a pointless exercise, hell... the programs are built this was so malware cant create windows firewall rules for the very act of blocking cloud/signature updates.
     
  6. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,619
    Location:
    Toronto Canada
    I read that test as well and your what we call wrong.:p 97.4 No APC (March to June.) (Aug to Nov) test 99.4 of which Aug and Sept portion used 2013 and Oct and Nov used the 2014 version. We can look at 2012 as well if you like. Not the top scores but darn good. Some others should do so well.
     
    Last edited: Dec 18, 2013
  7. anon

    anon Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    4,087
    a) Yes, it is possible. Just disable the "Protection Cloud" option=
    http://techblog.avira.com/wp-content/uploads/2013/10/config-center.png

    Obviously less effective. Common sense.... (If it was the same effective with/without the cloud, then which was the reason for Avira to produce and for users to install it?).

    Also:
    https://www.wilderssecurity.com/showpost.php?p=2305183&postcount=1063
    http://techblog.avira.com/2013/10/14/advanced-real-time-protection-with-avira-protection-cloud/en/
    ---------------

    b)
     
  8. anon

    anon Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    4,087
    https://www.wilderssecurity.com/showpost.php?p=2305183&postcount=1063
    https://www.wilderssecurity.com/showpost.php?p=2307489&postcount=1113
    https://www.wilderssecurity.com/showpost.php?p=2308696&postcount=1131
     
    Last edited: Dec 19, 2013
  9. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,619
    Location:
    Toronto Canada
    So Sept did use APC I stand corrected.
     
  10. anon

    anon Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    4,087
    :thumb:
    https://www.wilderssecurity.com/showpost.php?p=2280990&postcount=722

    -------------------------
    November 24th, 2013:
    June 24th, 2013:
     
    Last edited: Dec 19, 2013
  11. Inside Out

    Inside Out Registered Member

    Joined:
    Sep 17, 2013
    Posts:
    421
    Location:
    Pangea
    What anon said.
     
  12. Johnny123

    Johnny123 Registered Member

    Joined:
    May 4, 2006
    Posts:
    548
    Location:
    Bremen, Germany
    You can just turn it off in the cofiguration.

    ~97% isn't exactiy "horrible".
     
  13. Fly

    Fly Registered Member

    Joined:
    Nov 1, 2007
    Posts:
    2,069
    Thanks for the feedback. :thumb:

    I don't like connecting to a cloud, but using AVs that use the cloud as a main part of their protection does not make that much sense either.

    Avira without cloud may still be decent. Avira's score in the charts is not as bad as I remember.

    Yet, I don't like the shift to marketing and the price increase but that is a different matter.
     
  14. Inside Out

    Inside Out Registered Member

    Joined:
    Sep 17, 2013
    Posts:
    421
    Location:
    Pangea
    Good or bad test results are relative. Of course it's great that most AVs managed to block more than 98-99%, but all products will always compete with each other. If an AV misses 2% of all threats while another equally popular one misses only 0.5%, that means the users of the former will most likely get infected far more often. ~97% may look good, but APC-less Avira 2013 was always at the bottom few out of 21.
     
    Last edited: Dec 19, 2013
  15. anon

    anon Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    4,087
    Stefan says the opposite.
    For sure he knows more (about Avira) than you and me ......
    -----------------------------------
    Actually it's decrease (If you have more than one pc) =
    https://www.wilderssecurity.com/showpost.php?p=2317191&postcount=1206
     
    Last edited: Dec 19, 2013
  16. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,619
    Location:
    Toronto Canada
    He can be a little hard on himself at times.
     
  17. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,084
    Comparing test results before and after the "real-time scanning of programs with the Avira Protection Cloud" feature was added may shed some light on the subject, but I wonder about scenarios such as:

    1) The inclusion and use [by others] of such a feature exposes Avira to more [timely] information which they promptly incorporate into client side updates. Leading to improved detection rates for those who aren't using the cloud features (due to configuration or lack of an Internet connection or ...).

    2) Cloud based detection features get the focus/funding and [possibly over time] the pure client side detection features wane. Leading to reduced detection rates for those who aren't using the cloud features.

    IOW, I think if one is interested in a "with vs without cloud" comparison they would want to see a test of precisely that using the same version. It would be easy to throw samples at a box that has no Internet connection, but a more comprehensive test would be to allow Internet communications/exposures in general while taking steps to disable, block, or both, the cloud functionality.

    With Avira, would the behavior including user-feedback be different between a) real-time APC disabled, and b) real-time APC enabled but no route to the cloud?
     
  18. anon

    anon Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    4,087
    =
    ............
     
    Last edited: Dec 20, 2013
  19. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,084
    I would expect that sequence of events to *not* happen in both of the scenarios I mentioned: a) real-time APC disabled, and b) real-time APC enabled but no route to the cloud. Note that in (a) the user has DISabled the Protection Cloud feature, and in (b) the feature is enabled but there is no way to communicate with the cloud.

    I'm wondering if the level of protection and user feedback are the same in those two specific scenarios where the cloud won't/can't be used.

    I just noticed some descriptions which suggest the ProActiv feature can also send information to Avira and it has a separate enable/disable. So at least when discussing "no phone home" configurations perhaps we'd have to assume that ProActiv is disabled as well(?).
     
  20. Fly

    Fly Registered Member

    Joined:
    Nov 1, 2007
    Posts:
    2,069
    Does ProActiv actually 'do something ' ?

    A long (?) time ago it was (reportedly) almost useless.
     
  21. Inside Out

    Inside Out Registered Member

    Joined:
    Sep 17, 2013
    Posts:
    421
    Location:
    Pangea
    No idea why they can't seem to implement a passable BB while far less capable developers manage to. o_O
     
    Last edited: Dec 20, 2013
  22. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    4,214
    ProActiv is actually working with 32 bit OSs. I don't think it will ever happen with 64 bit systems because of the long debated issue of Windows Kernel Patch Protection for 64 bit systems which basically doesn't allow any kernel patching, a common problem to several malware developers:
    http://en.wikipedia.org/wiki/Kernel_Patch_Protection
     
  23. anon

    anon Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    4,087
    ------------------------------
    What is ProActiv?
    http://www.avira.com/en/proactiv

    ------------------------------

    How to deactivate / activate Avira Protection Cloud
    http://www.avira.com/en/support-for-home-knowledgebase-detail/kbid/1523
     
  24. hutchingsp

    hutchingsp Registered Member

    Joined:
    Aug 2, 2007
    Posts:
    174
    I came here to try to find out a little more about exactly how Cloud Protection works in Avira Professional 14.

    I'm still a little unsure of the specifics.

    How does Avira "know" whether a file is suspicious in order to query the MD5 against the cloud?

    We work with some very specialist applications and have our own in-house applications and it would be nice to know exactly how the product works i.e. does it upload any unknown executable or DLL regardless of size?

    Where is the history logged?
     
Loading...
Thread Status:
Not open for further replies.