Avast WEBforum

Other => General Topics => Topic started by: leemar on July 13, 2008, 12:35:07 PM

Title: AVAST RESIDENT SCANNER is using Heuristic analysis?
Post by: leemar on July 13, 2008, 12:35:07 PM
Is the AVAST Resident scanner using HEURISTIC ANALYSIS? Because I've read all about the software and can't find that it's using heuristic analysis for UNKNOWN THREATS.

DOES ANYONE HERE KNOW?

AVG is using heuristics, same as the Avira and PC Tools free editions.
Title: Re: AVAST RESIDENT SCANNER is using Heuristic analysis?
Post by: drhayden1 on July 13, 2008, 01:04:57 PM
A new feature of version 4 is heuristic analysis of e-mail scanners. This feature can protect against new, unknown viruses and worms that are not possible to detect by the usual means. The heuristic module performs a thorough investigation of every e-mail message and watches for suspicious signs that might announce virus presence. When the number of those signs exceeds a user-defined level, the message is considered dangerous and the user is warned.
on this page.... http://www.avast.com/eng/avast-free-home-antivirus-antispyware.html
Title: Re: AVAST RESIDENT SCANNER is using Heuristic analysis?
Post by: Lisandro on July 13, 2008, 11:33:42 PM
They have chosen to use generic signatures instead of heuristics.
Maybe we have some news in version 5 by the end of this year, who knows...
Title: Re: AVAST RESIDENT SCANNER is using Heuristic analysis?
Post by: leemar on July 14, 2008, 07:40:01 AM
So you mean avast is only using its virus definitions for its real-time and on-demand scanning?

Are you sure? How come avast is not using heuristics?
Title: Re: AVAST RESIDENT SCANNER is using Heuristic analysis?
Post by: Vladimyr on July 14, 2008, 08:52:51 AM
I can't answer for Alwil and a proper answer would take many pages, but....

Compared to the standard technique of determining that a file is an exact match with an already recognized and classified threat, heuristic detection is an 'educated guess', a simpler, quicker way of determining that a previously unseen file is likely to be dangerous based only on its resemblance to other files. It's a pragmatic compromise aimed to be of benefit in reducing AV overhead and/or catching previously unseen threats and is prone to 'collateral damage', i.e. false positives. This is at least partly why avast! has heuristic scanning for email but not for the Standard Shield or other providers.
Instead, avast! relies on extremely fast definition updates and more recently, generic signatures e.g. 'trojan.gen', whereby the 'educated guess' is made by those analysing and compiling the definition update rather than by the program itself in real-time.
(Note: The latter is my own supposition so please, someone from Alwil, correct/qualify as necessary.)
Title: Re: AVAST RESIDENT SCANNER is using Heuristic analysis?
Post by: leemar on July 14, 2008, 11:59:57 AM
Does it mean that avast professional 4.8 also does not use heuristic analysis? For me it's very important that security software uses heuristics, because updates are late; viruses and other threats come in first, so if a threat is not included in the definition database it will not be detected.

How come avast has false positives when it does not use heuristics?
Title: Re: AVAST RESIDENT SCANNER is using Heuristic analysis?
Post by: leemar on July 14, 2008, 04:22:40 PM
Wow, I already confirmed that Avast 4.8 home or professional edition doesn't use HEURISTIC ANALYSIS. I emailed their technical support and they answered in just 30 mins. They confirmed that AVAST does not use HEURISTICS.

THANKS FOR THE PROMPT ACTION.
===============================================================
Hello,

Thank you for contacting our support center.

You are right, avast! does not use heuristics analysis but uses its virus database.

If I can be of any further assistance, please do not hesitate to contact me again.

With Kind Regards,


Petr Bucek
Technical Support
Alwil Software a.s.

Ticket Details
===================
Ticket ID: NTT-416384
Department: [ENG] Technical support
Priority: Default
Status: On Hold
===============================================================
Title: Re: AVAST RESIDENT SCANNER is using Heuristic analysis?
Post by: RejZoR on July 14, 2008, 09:05:28 PM
That's a well-known thing about avast!. Surprisingly it's holding up pretty well with just signatures. It'll get a behavioral detection module sometime at the end of this year, probably a beta version first...
Title: Re: AVAST RESIDENT SCANNER is using Heuristic analysis?
Post by: Macintosh on July 15, 2008, 02:22:52 PM
Avast will be best antivirus if it will come with heuristics in future versions :)
Title: Re: AVAST RESIDENT SCANNER is using Heuristic analysis?
Post by: leemar on July 15, 2008, 03:10:03 PM
Yes, you are right, heuristic analysis is the only thing that differentiates antivirus programs.
Title: Re: AVAST RESIDENT SCANNER is using Heuristic analysis?
Post by: wyrmrider on July 15, 2008, 06:57:35 PM
remember the generic .gen feature
Title: Re: AVAST RESIDENT SCANNER is using Heuristic analysis?
Post by: Maxx_original on July 15, 2008, 11:45:13 PM
avast contains algorithmic detections for more than 170 virus families (not the signature-based nor the generic signatures in this case.. just a piece of code) and the number is increased every week... how do you think the file infectors (and others) could be detected when we would be limited to signatures, hm? :P
Title: Re: AVAST RESIDENT SCANNER is using Heuristic analysis?
Post by: Vladimyr on July 16, 2008, 06:17:13 AM
> For me it's very important that security software uses heuristics, because updates are late; viruses and other threats come in first, so if a threat is not included in the definition database it will not be detected.
>
> How come avast has false positives when it does not use heuristics?


Hi leemar.

For me it's very important that security software is highly effective with minimal impact on the user (the eternal compromise) whether or not it uses heuristic "short-cut" guesswork. The fact that avast! is able to check algorithmically for so many malware families with as little performance impact as it causes is impressive in itself.

Speaking of algorithms: UNKNOWN THREAT + HEURISTIC ANALYSIS GUARANTEED DETECTION
E.g. if Kaspersky has "better" detection of unknown threats than avast!, it's not just because it uses heuristics.

Similarly, with False Positives, heuristic analysis may be more prone to FPs but that doesn't mean that algorithmic analysis is exempt.

Good coding = efficient coding = minimal coding. Generally speaking, a good program is like a yacht that's always sailing "close to the wind". It runs fast and smooth without crashing but is always on the edge of disaster. Under that sort of pressure mistakes will occasionally happen.







Title: Re: AVAST RESIDENT SCANNER is using Heuristic analysis?
Post by: leemar on July 16, 2008, 02:34:48 PM
But all antivirus software should include heuristic analysis (not just heuristics but a good one) like ESET ThreatSense technology. False positives are very minimal. But my question is: if avast uses only definition-based detection, how come it has so many false positives lately? All definitions included in its database are supposed to be known threats.
Title: Re: AVAST RESIDENT SCANNER is using Heuristic analysis?
Post by: DavidR on July 16, 2008, 02:49:17 PM
You have been told why in another topic where you asked the same question. avast! doesn't only use signatures in the traditional definition of signatures, e.g. 1 signature detects 1 virus variant.

When 1 signature/algorithm can detect multiple variants then they are more akin to heuristic detection and prone to FPs whilst those signatures are constantly fine-tuned.
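
The three approaches discussed in this thread (exact signatures, generic signatures that cover several variants, and heuristic scoring against a user-defined level), as an added toy example that is not part of any post and is not avast!'s engine. The sample byte strings, both patterns and the four "signs" are constructed for illustration.

```python
import hashlib
import re

# Constructed samples: two variants of a made-up family and one benign file.
VARIANT_A = b"MZ|unpack|DROP:01:RUN|selfcopy"      # already analysed
VARIANT_B = b"MZ|unpack|DROP:7f:RUN|padding-xyz"   # new, never seen before
BENIGN = b"MZ|setup|DROP:00:RUN|license.txt"

# 1. Exact signature: one hash identifies one known file.
KNOWN_HASHES = {hashlib.sha256(VARIANT_A).hexdigest()}

def exact_match(data):
    return hashlib.sha256(data).hexdigest() in KNOWN_HASHES

# 2. Generic signature: an analyst-written pattern meant to cover a family.
GENERIC_LOOSE = re.compile(rb"DROP:[0-9a-f]{2}:RUN")           # too broad
GENERIC_TUNED = re.compile(rb"unpack\|DROP:[0-9a-f]{2}:RUN")   # fine-tuned

def generic_match(data, pattern):
    return pattern.search(data) is not None

# 3. Heuristic: count suspicious signs, flag when the count exceeds a level.
SIGNS = {
    "executable header": lambda d: d.startswith(b"MZ"),
    "unpacker stub": lambda d: b"unpack" in d,
    "drops a file": lambda d: b"DROP:" in d,
    "copies itself": lambda d: b"selfcopy" in d,
}

def heuristic_score(data):
    return sum(1 for check in SIGNS.values() if check(data))

def heuristic_flag(data, level):
    return heuristic_score(data) > level

def report(level):
    """Return (exact, generic loose, generic tuned, heuristic) per sample."""
    rows = {}
    for name, data in (("A", VARIANT_A), ("B", VARIANT_B), ("benign", BENIGN)):
        rows[name] = (exact_match(data), generic_match(data, GENERIC_LOOSE),
                      generic_match(data, GENERIC_TUNED), heuristic_flag(data, level))
    return rows

if __name__ == "__main__":
    for level in (2, 1):
        print("level", level, report(level))
```

At level 2 the heuristic catches the unseen variant B without flagging the benign file; at level 1 it flags the benign file as well. The loose generic pattern flags the benign file at any level until it is tightened.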
Title: Re: AVAST RESIDENT SCANNER is using Heuristic analysis?
Post by: Lisandro on July 17, 2008, 04:20:34 AM
> like ESET ThreatSense technology

Vlk posted elsewhere doubting the efficiency of eset nod32 detection nowadays...

But leemar, haven't we and the Alwil team answered this already? ???
Title: Re: AVAST RESIDENT SCANNER is using Heuristic analysis?
Post by: Vladimyr on July 17, 2008, 05:03:03 AM
> But all antivirus software should include heuristic analysis (not just heuristics but a good one) like ESET ThreatSense technology. False positives are very minimal. But my question is: if avast uses only definition-based detection, how come it has so many false positives lately? All definitions included in its database are supposed to be known threats.

Bingo! It could be that ESET's terminology is confusing the issue for leemar.

In describing 'Threatsense' on their website (http://www.eset.com/products/threatsense.php), they explain well how their products incorporate "signature", "sophisticated heuristic" and "generic" detection. But then they go on to describe what I would call behaviour analysis as "advanced heuristics".

"ThreatSense also uses an advanced heuristics engine to dramatically extend detection capabilities - far beyond those of conventional signatures. It actually decodes and analyzes executable code in a protected virtual environment. Doing so allows it to identify the intended behavior of today's continually evolving threats - not just viruses and worms, but bots, rootkits, and other trojans." (http://www.eset.com/products/threatsense.php)

IMO this is not what the word heuristic means... though it may well have changed while I wasn't paying attention.  ;D


Title: Re: AVAST RESIDENT SCANNER is using Heuristic analysis?
Post by: DavidR on July 17, 2008, 02:41:08 PM
That's why I said earlier when saying avast version 5.0 isn't going to have Heuristics as there is a fairly clear definition of what Heuristics is. So what avast intends (more a behavioural function from what has been gleaned on the forums) wouldn't fall within that definition and neither would the description of ThreatSense.

So the definition of heuristics hasn't changed whilst you weren't paying attention ;D or I wasn't paying attention either ;D