Avast WEBforum
Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: maugrimx on May 11, 2009, 09:48:01 PM
-
i saw on another forum that avast does not use heuristics, is that true? what does the resident shield high sensitivity level do then?
-
The current 4.8 version only uses Heuristics in the anti-rootkit and Internet mail scans. The term Heuristic is also somewhat loose and the avast generic and algorithmic signatures go part of the way, so much so that recent av/malware tests find avast has a detection of over 99%.
Version 5 will have heuristics.
In the Standard Shield it just increases the number of files that would be scanned as many files which aren't either an immediate threat or are not executable don't really need to be scanned as a matter of routine.
I have been using Normal sensitivity for over 5 years, I could bump it up as my system is more than capable to handle the additional load, but I don't feel it is necessary. The Normal sensitivity provides a good balance between protection and performance.
-
Version 5 will have heuristics.
good :)
-
Heuristics are overrated. Many antiviruses hype them but only few actually have major detection gain from them. For example AVIRA uses them greatly. But i've never seen AVG detecting anything with heuristics even though it has nice "Heuristics" checkbox.
-
Norman AV uses heuristics, but look at the detection rates...
Much behind Avast in all the tests I have seen!
Obviously other factors are important as well.
Regards
HL
-
Heuristics... the magic word for happiness and security...
What are we talking about exactly? ???
-
So yeah Avast! 4.8 is really good in detection so wait when its will got heuristic and a firewall ..... on the version 5 its will be a bomb i think :)
-
Heuristics are overrated. Many antiviruses hype them but only few actually have major detection gain from them. For example AVIRA uses them greatly. But i've never seen AVG detecting anything with heuristics even though it has nice "Heuristics" checkbox.
antivir and avast have detected malware quite often on websites to me but avg does rarely detect anything.
what is the purpose of the option "send statistics to avast" when malware is detected?
-
Even the current version of avast uses many techniques that could be called heuristics (i.e. detection of malware based on some sort of fuzzy matching etc., ability to detect samples we have never seen etc.).
what is the purpose of the option "send statistics to avast" when malware is detected?
It helps to build stats like this
http://www.avast.com/eng/latest-virus-report.html
Obviously our virus lab has even better reports at its disposal, for research purposes.
Thanks
Vlk
-
Even the current version of avast uses many techniques that could be called heuristics (i.e. detection of malware based on some sort of fuzzy matching etc., ability to detect samples we have never seen etc.).
what is the purpose of the option "send statistics to avast" when malware is detected?
It helps to build stats like this
http://www.avast.com/eng/latest-virus-report.html
Obviously our virus lab has even better reports at its disposal, for research purposes.
Thanks
Vlk
thanks for the explanation :)
-
I use PC Tools "Threatfire" together with Avast 4.8.
Threatfire is solely heuristic if I understand the program correctly (and free.)
No compatability problems on a Vista 32 laptop.
N.B. PC Tools recommend you do not register Threatfire with Windows Security Centre. This is the default loading setting.
My Firewall is Comodo (of course ;D) They all seem to get on well together.
Hope this is helpful.
-
I use PC Tools "Threatfire" together with Avast 4.8.
Threatfire is solely heuristic if I understand the program correctly (and free.)
My Firewall is Comodo (of course ;D) They all seem to get on well together.
I don't know much about heuristic, but my friends who use Avira (and some use PCMAV a local antivirus) sometimes complaint me they found number of viruses over my UFD (portable drives), I scan using avast, found nothing, they scan again there are still the same numbers exist.
I usually said to them, are you sure they are viruses? Even the generic name smeel suspicious. At the end the same files no longer detected as a virus after they update their AV couples of time. I just don't understand why bother with that kind of stuffs if we have a better detection with lower false positif detection?
He he, personaly, I prefer outpost firewall than comodo (they both have free version), of course I have my own reason ;)
-
Hi Haridiva,
There is also a disadvantage to heuristics as is to everything, heuristics may find a secure program to have qualities of an undesirable program and flag it, while it is a false positive. Heuristics are fine, but one has to check up if the find is real malware or not,
polonus
-
Polunus,
Well, I love to say so. But for what I want to be a concern, there are a lot of people like me with low knowledge about this things, we don't know what is mean by "false positive", or any kind of them. But fortunatly, I know this forum, so I can learn how to solve for my self if I found any issue just like this one, and I know how to ask if I can't solve it.
But I guess, there are more that don't know anything about this. They are "pure user", who done "install and forget" (I am some how like that). They only need function from computer, and throw away security responsiblity to the security software they use or purchased.
Well, thanks Polonus :)
-
I like Malwarebytes' Anti-Malware (MBAM) that uses huristics very effectively to hunt out malware and has few False Positives and are corrected quickly if reported:
http://www.viruslist.com/en/glossary?glossid=153654932
I do not use Comodo:
http://forum.avast.com/index.php?topic=46737.0
-
I use PC Tools "Threatfire" together with Avast 4.8.
Threatfire is solely heuristic if I understand the program correctly (and free.)
No compatability problems on a Vista 32 laptop.
N.B. PC Tools recommend you do not register Threatfire with Windows Security Centre. This is the default loading setting.
My Firewall is Comodo (of course ;D) They all seem to get on well together.
Hope this is helpful.
Old ground I know but... heuristic analysis = guess.
By contrast, Threatfire's detection is primarily by analyzing behaviour, not by fuzzy matching/guessing.
Confusion partly comes from products, even some otherwise reputable ones, using the word heuristic as a buzzword for sophisticated detection method.
E.g. ESET coined the term "Advanced Heuristics" for their behaviour analysis technique.
-
Actually "Advanced Heuristics" isn't ESET trademark :P ThreatSense is and means the same thing by ESET terminology. And this one is their trademark.
-
Actually "Advanced Heuristics" isn't ESET trademark :P ThreatSense is and means the same thing by ESET terminology. And this one is their trademark.
Thanks for the clarification RejZor. (It's that early-onset Alzheimer's again! :-[)
This page (http://www.eset.com/products/threatsense.php) is the one I was trying to remember, specifically:
"ThreatSense also uses an advanced heuristics engine to dramatically extend detection capabilities - far beyond those of conventional signatures. It actually decodes and analyzes executable code in a protected virtual environment. Doing so allows it to identify the intended behavior of today's continually evolving threats - not just viruses and worms, but bots, rootkits, and other trojans. This finely tuned engine catches an outstandingly high proportion of new malware missed by vendors relying on signature updates and less advanced proactive detection. You can learn more about heuristics and other detection techniques from this ESET white paper (http://www.eset.com/download/whitepapers/ESET_IDC-VendorSpotlight_July2007.pdf[/color)."
-
At the risk of going slightly off-topic, now PC Tools (https://email.pctools.com/servlet/website/PersonalizedForm?iJmslEuLPl_TCTC_vgspgLE.26f7beEiJ-iLmLFhimNlgLmDJhtDHN#Heuristics) is "muddying the waters":
"Heuristics - Psychology 101?
No, this isn't an introductory Psychology lesson! Heuristics is a term used to describe the different types of anti-malware technology. Anti-Malware technology comes in two main forms, signature and behavioral based protection."