Does Kaspersky use/have heuristics

Discussion in 'other anti-virus software' started by trjam, Nov 28, 2008.

Thread Status:
Not open for further replies.
  1. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    Using the AV and there are settings for heuristic settings all the way to deep. But based on this, it shows nothing detected by heuristics. I am confused.
     
  2. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    yes kaspersky has heuristics, although not the best. kaspersky is very signature based, but its proactive security module helps compensate for that.
     
  3. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,006
    Hello Jeff,
    Kaspersky does have heuristics.
    there are some improved heuristics in beta atm
    they will be released by the end of this year.

    with the current heristics it detected an email attachment as malware. i sent it to the labs to make sure wasnt fp. by then it had been detected by signiture. nice to see the heristics work.
     
  4. Baz_kasp

    Baz_kasp Registered Member

    Joined:
    May 1, 2008
    Posts:
    593
    Location:
    London
    Virusinfo uses virustotal to compile their data...which also means they are using an old v7 build...which means that the heuristics they are scanning with aren't the most up to date or complete.

    They differ from the heuristics in v2009, which are much more "active" at making detections. Plus there is a new overhaul to the heuristics coming before the new year hopefully that will bring in some new features including a strong web exploit and script heuristic scanner.
     
  5. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    7,927
    Location:
    The land of no identity :D
    Will the new heuristics also be limited only to users of version 2009, or is it an engine wide update such that every program using the KAV engine, including clones and old versions of KAV will also get the benefits?
     
  6. Baz_kasp

    Baz_kasp Registered Member

    Joined:
    May 1, 2008
    Posts:
    593
    Location:
    London

    I think that the script heuristic module and general improvements to the emulator will extend to v7 aswell, but I will have to check first.
     
  7. Sputnik

    Sputnik Registered Member

    Joined:
    Feb 24, 2005
    Posts:
    1,198
    Location:
    Москва
    Nope the Anti-Virus SDK still uses ''old'' technology. It's not without a reason why GData changed to BitDefender instead of Kaspersky. I won't be surprised to F-Secure making a move to another engine neither (or fully rely on Hydra in the near future).


    Ps. Back in town, contact you soon mate.
     
  8. Baz_kasp

    Baz_kasp Registered Member

    Joined:
    May 1, 2008
    Posts:
    593
    Location:
    London
    Well the architecture update is here and now on public servers. Ladies and gents, please give a warm welcome to kjim (if not here yet then hes coming very soon :p), the script heuristic module, new naming for heuristic detections and numerous updates to the PE emulator :)
     
    Last edited: Nov 30, 2008
  9. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    7,927
    Location:
    The land of no identity :D
    Now that it's on public servers, you might know better whether the benefits extend to v7 and older versions too.....and the KAV workstation line. If you do, then please do inform me :)
     
  10. Coolio10

    Coolio10 Registered Member

    Joined:
    Sep 1, 2006
    Posts:
    1,124
    So will we see even better than usual results from av-comparitives?
     
  11. Baz_kasp

    Baz_kasp Registered Member

    Joined:
    May 1, 2008
    Posts:
    593
    Location:
    London

    That will come anyway through the regular heuristic updates that come with signatures, but this was a bit special because they have included a new module for scripts/exploits which has proved to be very effective in my testing (I actually think this wasn't released yet, but the other impovements were) and made performance tweaks and other detection enhancements to the normal PE (execuatble) heuristics. Plus with the new naming arrangment they will be able to stuff in a lot more verdicts...aka they are working hard on the heuristic front and are probably going to be targetting many more malware families, as shown by the latest av-c test.
     
  12. dawgg

    dawgg Registered Member

    Joined:
    Jun 18, 2006
    Posts:
    817
    Agree, I think scripts/exploits are still beta

    The new emulator released yesterday-ish has many detection improvements with trojans etc so would improve detection for on-demand tests like AVC (but detections wont be shown on any online scanners inc Virustotal or Virusinfo because of older scanning engine)

    The (currently beta) emulator which is working on scripts and exploits is more veered to protect against driveby attacks rather than increasing on-demand detections (which AVC emphasizes more on), so wont improve AVCs results by much. The majority of the time, its detections will only be seen while surfing the internet to reduce the number of users getting infected by 0-days.
     
    Last edited: Nov 30, 2008
  13. Zombini

    Zombini Registered Member

    Joined:
    Jul 11, 2006
    Posts:
    469
    Wow finally Kaspersky came to the realization that their drive-by download detection is crappy. But wait, I thought they said they didn't need to detect exploits because all their users are fully protected because they are happily patching their machines after religiously running the cool new Security Analyzer feature. LOL.

    Get with the program. Average users don't patch. You need exploit detection and blocking. Can't wait to test out the ADODB.Stream exploit with their new heuristics.
     
  14. dawgg

    dawgg Registered Member

    Joined:
    Jun 18, 2006
    Posts:
    817
    Its not going to detect 100% of exploits, only some, (also not sure what type of exploits). Anyway, with the vulnrability scanner (included in the Full PC scan), users would know if there is vulnrability and they should upgrade... if they dont, thats simply neglect.

    Yes, AVs are there to protect users, but users should also use common sense and initiative to keep themselves protected and by doing that, they would be protected from many exploits. Kaspersky's Vulnrability Scanner is still a step in the right direction to inform the user of this and protect users.
     
  15. Baz_kasp

    Baz_kasp Registered Member

    Joined:
    May 1, 2008
    Posts:
    593
    Location:
    London

    Use please do.... that is one of the exploits types that has been targetted. I think that even the die hard opposition willl say it is a nice improvement.


    *insert picture of orly owl here*
    I beg to differ....we have seen the number of people start to patch rise dramatically since the introduction of the vulnerability scanner. If one person patches, that is a victory because that is one less vulnerability to exploit on their machines. Don't bash it till you've seen it in action.
     
  16. xpsunny

    xpsunny Registered Member

    Joined:
    Jul 16, 2006
    Posts:
    163
    How can I cross check whether the new heuristic engine is installed?


    EDIT: Is it limited to web av module only?
     
  17. Baz_kasp

    Baz_kasp Registered Member

    Joined:
    May 1, 2008
    Posts:
    593
    Location:
    London
    No, works with fileAV too.


    It still isn't on public servers...only beta server. Look for kjim component in your update report.
     
  18. xpsunny

    xpsunny Registered Member

    Joined:
    Jul 16, 2006
    Posts:
    163
  19. Baz_kasp

    Baz_kasp Registered Member

    Joined:
    May 1, 2008
    Posts:
    593
    Location:
    London
    The PE emulator update plus the new naming scheme. Kjim isn't out yet.
     
Loading...
Thread Status:
Not open for further replies.