Does AVG Anti-Spyware now do this?

Discussion in 'ewido anti-spyware forum' started by duke1959, Feb 4, 2007.

Thread Status:
Not open for further replies.
  1. duke1959

    duke1959 Very Frequent Poster

    Joined:
    Jul 21, 2006
    Posts:
    1,238
    What's written below was taken off the old Ewido website, and it made me wonder. Does AVG AS now do this since taking over Ewido?

    As written on the Ewido Website.
    Daily signatures ensure the necessary real-time required updates and heuristic analysis detects unknown malware. In the new version of the ewido security suite, which is scheduled for release early in 2006, malware will also be detected on the basis of its behaviour through the integration of a host-based intrusion prevention system (HIPS). The three-level protection will provide an even higher degree of security.
     
  2. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    I think that "malware will also be detected on the basis of its behaviour through the integration of a host-based intrusion prevention system" means code emulation.
     
  3. Chuck57

    Chuck57 Registered Member

    Joined:
    Sep 2, 2002
    Posts:
    1,422
    Location:
    New Mexico, USA
    Malware covers a lot. Does it also deal with viruses, trojans, worms, etc?
     
  4. EASTER.2010

    EASTER.2010 Guest

    I installed AVG 7.5 once again tonight. It is a good program IMO and never has made for any anxious moments on my PC. The only item I need to watch is the "Guard". It is so efficient that it will "Lock" a known malware where when you click it the file will refuse to respond. That is a built-in security feature that does a computer good.

    I terminate it ONLY in order to launch my malware files, otherwise they are frozen stiff and will not start at all. That is solid protection with a capital "P"!
     
  5. duke1959

    duke1959 Very Frequent Poster

    Joined:
    Jul 21, 2006
    Posts:
    1,238
    Hey EASTER.2010, how goes it? LOL. I reinstalled the AVG Antispyware Component in my Internet Security Suite after reading what you posted above. I do wonder though if Grisoft definitely implemented the behavioural HIPS into AVG AS? It doesn't mention anything about this on their website. If you look on the a squared anti-malware website however, they go into great detail about their IDS RealTime Prevention. You would think if AVG AS offered what Ewido had planned in early 2006 with the HIPS it spoke of, that Grisoft would be advertising the fact. This is what makes me wonder if they ever did it.
     
    Last edited: Feb 9, 2007
  6. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
    The A2 Guard and the AVG-AS Guard are entirely different products. The AVG-AS Guard is a signature scanner looking for known malware types, similar to an AV, there is no question of behaviour analysis or IDS. What the future holds I cannot know, but for the present the Guard does what I require and it is the only security measure on my box that I never disable - no matter what I'm installing. If you run something the Guard will scan it - so even if you make a mistake with your execution protection, at least you have another chance to stop the baddie.
     
  7. duke1959

    duke1959 Very Frequent Poster

    Joined:
    Jul 21, 2006
    Posts:
    1,238
    So TopperID, are you saying AVG AS also doesn't even use Heuristics in RealTime? I know it has it for On Demand scanning as the Grisoft website indicates. I just wonder then if it doesn't, why they never implemented what Ewido apparently was going to in early 2006 with Heuristics and HIPS? It is clear those were the plans, as I posted above right off the website of Ewido.
     
  8. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
    Only someone from the Company can say for sure, but I believe that it does not have the same Heuristic component realtime that it does 'on demand'. Indeed the quote you give states that "real-time required updates and heuristic analysis detects unknown malware". It doesn't actually say that the heuristic analysis is real-time, just the updates; though I agree it is confusing use of language.

    Some AVs give you the option to configure the level of heuristics in the Guard differently from the demand scanner. Typically you would wish for lower heuristic levels in the Guard, to avoid fp problems. The fact the demand scanner can be configured more tightly is one of the reasons why demand scans can be useful. The fact that the AVG-AS Guard configuration does not refer to heuristics, while the demand scanner does, leads me to conclude that the latter is using a function not available to the former.

    As to HIPS, I'm beginning to wonder if this was a reference to the enhanced analysis section, which enables you to check on various aspects of your system, TCP connections, LSPs, Autoruns etc. You have various possibilities to remove, repair, delete, terminate etc not generally available; for example you can terminate multiple processes simultaneously (with use of Ctrl or Shift keys) and you can't do that with Task Manager!
     
  9. duke1959

    duke1959 Very Frequent Poster

    Joined:
    Jul 21, 2006
    Posts:
    1,238
    Thanks TopperID, very informative, and also very much appreciated.
     
  10. EASTER.2010

    EASTER.2010 Guest

    Indeed, and does it very well. When I first installed it some months ago and began noticing some of my confinement files wouldn't launch I became suspicious at first, then I traced the root cause to the "Guard". It is as you say a "security measure" that is very welcome indeed IMO.
     
  11. duke1959

    duke1959 Very Frequent Poster

    Joined:
    Jul 21, 2006
    Posts:
    1,238
    Just saw your post here EASTER, and I see more now the possible need for both PG Free and AVG AS. If I'm understanding right, let's say a fast clicker like myself lets something execute by accident with PG Free, then AVG AS would most likely alert me, correct?
     
  12. duke1959

    duke1959 Very Frequent Poster

    Joined:
    Jul 21, 2006
    Posts:
    1,238
    Here's what I received as answer from Grisoft at least about the RealTime Heuristics. And a very fast one at that. Only took 1 day.

    Dear Sir/Madam,

    Thank you for your email.

    If "Use Heuristic Analysis" option is enabled in the AVG Resident
    shield settings, it's applied on the both real time anti-virus and
    anti-spyware protections.

    Heuristic analysis can be enabled/disabled as follows:
    - open AVG Control Center
    - double click on the Resident Shield component
    - tick/untick "Use Heuristic Analysis"
    - confirm the dialog by OK button
     
  13. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
    The answer given does not apply to the AVG-AS standalone product, since you do not have a "Use Heuristic Analysis" option in the AVG-AS Resident shield settings! :'(

    You only have it in the 'demand scanner' settings.

    So I'm afraid Grisoft are describing an entirely different product. :mad:

    Maybe they should take a little longer over their answers and think them through more carefully in future - assuming your question was posed accurately of course! :p
     
  14. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,160
    Hi, folks: You are right, TopperID. I think the reply from Grisoft is probably referring to another product, AVG Anti-Malware, which includes AVG AV and AS. If it is true, I am truly saddened by this unfortunate mixup of their own making. You got to know your own products before giving any advice to your clients. :D
     
  15. duke1959

    duke1959 Very Frequent Poster

    Joined:
    Jul 21, 2006
    Posts:
    1,238
    Yeah you got to know your own products before giving any advice to your clients, so it isn't my fault TopperID. LOL. I did forget to mention in my post that I had asked them this question regarding my AVG ISS. I would however, think it would also still be used in the AVG AS Guard, right? I will ask them and get back to everyone about it.
     
  16. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    7,927
    Location:
    The land of no identity :D
    AVG AS is designed by a different team, therefore the options in the AS guard are not the same as the options in AVG Anti-Malware and ISS....
     
  17. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,160
    Hi, folks: In other words, AVG AS could become an orphan eventually? Less and less work will be poured into AVG AS, while AVG Antimalwares and others will get all the juices they desire? :oops: I notice that reps from ex-Ewido are making fewer and fewer appearances here at their forum, is this Ewido official forum still on their agenda at all? o_O
     
  18. duke1959

    duke1959 Very Frequent Poster

    Joined:
    Jul 21, 2006
    Posts:
    1,238
    I have sent the question of whether or not AVG Anti-Spyware also uses Heuristics for RealTime detection. I even asked them about the plans that Ewido had back in 2006 for Behavioral HIPS detection.
     
  19. duke1959

    duke1959 Very Frequent Poster

    Joined:
    Jul 21, 2006
    Posts:
    1,238
    This is the latest response from Grisoft about my original post.

    ~Private e-mail removed....Bubba~

    They are saying any product with the Antispyware uses Heuristics and HIPS. Strange this isn't mentioned on their website, as it would most likely help sales. It does of course mention "Cutting Edge Technology" for spyware detection. I must add that the response was very quick.
     
    Last edited by a moderator: Feb 28, 2007
  20. KikiBibi

    KikiBibi Registered Member

    Joined:
    Oct 23, 2006
    Posts:
    173
    Duke,

    I'm told by ewido team that:

    The heuristic function of the AVG Anti-Spyware is currently available only for
    the on Demand scanning.

    You should email ewido instead of Grisoft. :D

    Hope this clears things up for you.
     
  21. duke1959

    duke1959 Very Frequent Poster

    Joined:
    Jul 21, 2006
    Posts:
    1,238
    Well I gotta say KikiBibi, that after looking at the actual response again it did seem a little less clear than I had originally thought. I believe they are just saying that any of the AVG AS products use the same detection system to find and identify spyware. They are also saying that the HIPS and RealTime Heuristics analysis should currently be running in the AVG AS scanning engine. Scanning engine could mean each file as it is opened, but now with what you are saying about Ewido's response I don't know. Oh well maybe some other people will chime in with help on this. It was also said that some changes have already been implemented, and to stay tuned for new changes to come.
     
    Last edited: Feb 28, 2007
  22. duke1959

    duke1959 Very Frequent Poster

    Joined:
    Jul 21, 2006
    Posts:
    1,238
    I will put this question to karl.ewido as I see he is responding in this forum and may know the answer. Does AVG Anti-Spyware use Heuristics and any type of HIPS in RealTime? I have received a yes to this question from a Grisoft Rep recently, but as posted earlier by another member of Wilders who has Ewido AS, according to the ewido team it only uses Heuristics for on demand. I mean no disrespect here, but I believe this is important information for all AVG users and needs to be clarified as soon as possible. So if you could help with the correct answer it would greatly be appreciated.
     
    Last edited: Mar 1, 2007
  23. duke1959

    duke1959 Very Frequent Poster

    Joined:
    Jul 21, 2006
    Posts:
    1,238
    I now learned there are no Heuristics used for RealTime Detection. They are only used for On Demand.
     
  24. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    7,927
    Location:
    The land of no identity :D
    Yep, no HIPS either. I believe I did catch AVG Anti-Malware detecting a trojan by heuristic detection in real-time (Ewido-style, the naming was definitely Ewido), but no signs of any HIPS.
     