Heuristics in action

Discussion in 'other anti-virus software' started by CloneRanger, Mar 11, 2010.

Thread Status:
Not open for further replies.
  1. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    Can't find the AV test thread that had a text file of fresh 10 malware sites in it ? Maybe it was removed :( Someone would have to go through several hoops to actually get to those sites though :p Anyway glad i got it whilst it was there :D Thanks to whoever it was :)

    Visited all those 10 sites in the list, and one in particular was so FULL of assorted new nasties i lost count. I managed to get into their directories, yes many of them, and pull out every dodgy looking file i could find. As they were chockablock with stuff it took me quite some time to do this, and download them all. Nearly gave up there was that much :D

    I had to 7Zip and upload them in FOUR seperate stages, including a rapidshare link for the extra large files. I used http://analysis.avira.com/samples/index.php and virus@avira.com via hotmail. As AntiVir are good enough to supply me with a Top free AV, i feel i'm doing my bit by sending them whatever comes my way, fair exchange i say.

    Anyway what follows is just the tip of the iceberg, from their first report batch. A lot of them were caught by AntiVirs heuristics as i tried to download them, and before i did.


    Click image for full size


    vt-m.gif

    Looking forward to the next reports on the others. Well done Avira.
     
  2. icr

    icr Registered Member

    Joined:
    Sep 6, 2008
    Posts:
    1,588
    Location:
    Mumbai
    Which version of Avira did u try?
     
  3. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    @icr

    More than try :D i've been using for several years.

    Avira AntiVir Personal Product version 9.0.0.419
     
  4. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,468
    Looks more like viruses known, well they have names at least :D
     
  5. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    @Noob

    Yeah that's because Avira named them after anaylising them and discovered they were Actually malware.

    The ones that were intercepted and detected by heuristics as i tried to download them, were given temporary names that appeared to be similar in certain ways to known threats.

    Take another look at the screenies descriptions.

    :thumb:
     
  6. Boost

    Boost Registered Member

    Joined:
    Feb 2, 2007
    Posts:
    1,293
    It's the only free AV I'll ever use :thumb: Nothing else has ever impressed me,period.
     
  7. kmr1685

    kmr1685 Registered Member

    Joined:
    Aug 22, 2009
    Posts:
    62
    avira having best heuristics in terms of false positive.it is just like a Japanese samurai sword who using it based on that fact it will be useful. if nobody understand my posting sorry i not able to explain more than this :) bye bye
     
  8. BJStone

    BJStone Registered Member

    Joined:
    Oct 31, 2005
    Posts:
    139
    What a BS.
    In more than two years using Avira Premium, I just had one FP: exactly 1.
    That one was corrected within one hour! Yes that's right, within one hour.
    :argh:
     
  9. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,852
    Your experience doesn't make someone else's experience "BS". The facts support him if you look at tests.
     
  10. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    I agree with FunkyDude. The only BS would be the fact you only ever got one FP with Avira.:cautious:
     
  11. Motherroad

    Motherroad Registered Member

    Joined:
    Feb 13, 2006
    Posts:
    234
    Location:
    Florida
    Fact of the matter is Avira has excellent heuristics. Have used it for years and had only a few false positives. Guess the fact that everyone surfs in a different way diferent sites etc. will also make a difference. As far as the tests go I take them with a grain of salt. I remember some time ago a top AV that I used because I went by the tests let many trojans in. Have had Avira for years and in the real world has protected be very well. :thumb:
     
  12. ablatt

    ablatt Registered Member

    Joined:
    Nov 14, 2004
    Posts:
    128
    Location:
    Canada
    3 years and 0 false positives but I probably don't surf on the dark side that much.
     
  13. thegoat

    thegoat Registered Member

    Joined:
    Mar 12, 2010
    Posts:
    17
    I have been using Avira on demand for over 1 year and I have had 2 false positives which were corrected within a few days. Both files I knew were safe anyway. The fact is that I would rather my antivirus be paranoid than to miss things. The way I use it on demand suits me well. For the not so knowledgeable, it might be a problem. But from what I am reading here, it would suit everyone on this forum just fine.
     
  14. cqpreson

    cqpreson Registered Member

    Joined:
    May 18, 2009
    Posts:
    348
    Location:
    China
    Without the latest VDF.It is Avira's proactive detection technology?It is as the same as Kaspersky's HIPS?
     
  15. AvinashR

    AvinashR Registered Member

    Joined:
    Dec 26, 2009
    Posts:
    2,060
    Location:
    New Delhi Metallo β-Lactamase 1
    Avira have a very strong HIPS..Even we have saw this on last year AV Comparative tests...
     
  16. Threedog

    Threedog Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    1,125
    Location:
    Nova Scotia, Canada
    I have had the same experience with Avira. Only a couple FP's over the years and I run my heuristics cranked to the max. But the detection of actual stuff is very very good. I am a happy Avira camper.
     
  17. JasSolo

    JasSolo Registered Member

    Joined:
    May 9, 2007
    Posts:
    414
    Location:
    Denmark
    Hmmm, so now you know what's going on, on other peoples computers as well?!....You never stops to amaze me, trjam ;)
    By the way, every AV and/or IS have FP's from time to time, claiming different is BS to me ;)


    Cheers
     
  18. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    Avira does NOT have a HIPS.

    In the near future, Avira will have a behavior blocker (of sorts) when version 10 (now in late beta) is issued. But it has not had any HIPS in the past. It has had excellent heuristics, but heuristics is not HIPS.
     
  19. whitedragon551

    whitedragon551 Registered Member

    Joined:
    Sep 30, 2008
    Posts:
    3,189
    Location:
    USA
    Have you seen AVC's comparative test where Avira got dropped down an entire rank because it had to many FP's?

    Avira flags alot of harmless files as FP.
     
  20. Motherroad

    Motherroad Registered Member

    Joined:
    Feb 13, 2006
    Posts:
    234
    Location:
    Florida
    They can drop it 5 ranks for all I care. Tests mean nothing in real world protection.
     
  21. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,852

    That's funny, because I'm pretty sure most people started using Avira in the first place because of tests!
     
  22. whitedragon551

    whitedragon551 Registered Member

    Joined:
    Sep 30, 2008
    Posts:
    3,189
    Location:
    USA
    In the real world those FP's can render your OS useless.
     
  23. thegoat

    thegoat Registered Member

    Joined:
    Mar 12, 2010
    Posts:
    17
    Depends on the context. But yes, it can, although this is completely user dependent. What might be more worrying for others are those FN's (false negatives) destroying your computer.
     
  24. whitedragon551

    whitedragon551 Registered Member

    Joined:
    Sep 30, 2008
    Posts:
    3,189
    Location:
    USA
    Aviras detection rate at AVC of 99.7% is because of FP's. Without those FP's its detection is much, much less making it worse than the next best that doesnt have FP's.

    Id rather get a virus that wipes out my system and destroys the MBR rather than have Avira delete my important Windows .dll files and figure it out in the middle of something important when the system crashes or doesnt load.
     
  25. thegoat

    thegoat Registered Member

    Joined:
    Mar 12, 2010
    Posts:
    17
    Wait, what do FP's have anything to do with TP (True Positive) detection rates? I think you have completely mis-interpreted the data there.
     
Thread Status:
Not open for further replies.