Avast WEBforum

Other => General Topics => Topic started by: Zyndstoff (aka Steven Gail) on March 29, 2010, 09:49:01 PM

Title: Competitor's Behaviour Shield 64bit
Post by: Zyndstoff (aka Steven Gail) on March 29, 2010, 09:49:01 PM

http://www.h-online.com/security/news/item/Avira-Antivir-10-No-behaviour-based-detection-in-64-bit-Windows-966485.html

And we keep pushing Alwil...  ;D
Everybody is cooking the same stew somehow.

Title: Re: Competitor's Behaviour Shield 64bit
Post by: RejZoR on March 29, 2010, 10:18:34 PM

The main problem is that these behavior shields don't seem to do anything even on 32bit systems.
And that begs the question about their real efficiency... In AVIRA's and avast!'s case...

Title: Re: Competitor's Behaviour Shield 64bit
Post by: Zyndstoff (aka Steven Gail) on March 29, 2010, 10:30:44 PM

What do you mean by "Seem to do nothing"?

Title: Re: Competitor's Behaviour Shield 64bit
Post by: sded on March 29, 2010, 10:36:01 PM

A reasonable article from Vince's shift at Symantec at http://www.symantec.com/connect/articles/behavior-blocking-next-step-anti-virus-protection on the concept of a BB as an automated HIPS.  The date emphasizes the lack of progress in this arena.  I don't think anyone really knows what the Alwil version does.  But if there is really any kind of automated HIPS in there, its performance on the Matousec site is what should have been evaluated, and Alwil should have raised Hell about them testing the firewall alone, not the BB.  AND done the testing themselves.

Title: Re: Competitor's Behaviour Shield 64bit
Post by: RejZoR on March 29, 2010, 11:12:44 PM

Quote from: Zyndstoff on March 29, 2010, 10:30:44 PM

What do you mean by "Seem to do nothing"?

Exactly what i said. I haven't seen a SINGLE alert from behavior shield. Not one. And i was throwing everything at it.
ThreatFire? No problem, throw at it and it will jump on it sooner or later. Kaspersky Antivirus 7 (yes, the very older version), same. It actually cought very new samples with very outdated behavior module because they aren't updating it anymore for a long time.
But avast!. Ok, it has the shield, but for me it doesn't do anyting. Same goes for AVIRA ProActiv that basically works the same as the one in avast!. Nothing from it at all. Like it's not even there. Now if you add something like that to the program i'd expect to see at least 1 detection. Just one would be enough. But nothing, makes me question it's effectiveness.

Title: Re: Competitor's Behaviour Shield 64bit
Post by: Justin_22 on March 30, 2010, 12:28:36 AM

I saw one alert from Avast! behavior shield, and that for a suspicious outgoing connection from when I was testing on a virtual machine. other then that for Behavior blocker I use threatfire.

Title: Re: Competitor's Behaviour Shield 64bit
Post by: Hermite15 on March 30, 2010, 01:10:19 AM

good 8) thought it was completely ineffective on 64 bit systems only (no rule sets), but it seems our 32 bit brothers experience the same ecstatic sensations when the BS is in action ;D