[Wishlist] For avast! 8 - Suggestions and discussion

[Nesivos]

+1 I would love to see an Avast portable scanner too

Asked before... But would it worth? I mean, something like Stinger of McAfee...
We had "The Cleaner" tool of avast! but it was dropped a long time ago.
Drivers and services need to be running for protection and, also, for some specialized cleaning too.

Malware removal tools like McAfee Stinger are marketing and sales tools.   They are offered for free and sometimes require filling in your name and email address to download them.   They are used to get people to buy the complete version of the AV program offered by the AV vendor.  Having said that they do provide a nice second opinion and most of them will scan and many even quarantine or remove any malware they find, even with a primary AV pogram on the computer.    You just have to make sure that you are downloading and running a removal tool and not another anti-malware program.

Stinger has found some stuff on my computer in the past.   It is definition based with a limited number malware definitions.   McAfee claims the definitons in Stinger are of the most popular form of Malware.   It runs slow but is very thorough with respect to file checking. As I recall it even scans inside of archives.  I would recommend it as a second opinion malware removal tool unless you have an old computer, then it will take forever to complete a scan unless you have very few files on your computer.   

[Lisandro]

avast! does it much better with the compatibility mode (that allows be running side by side with other antivirus and give us scheduling, full definitions, etc.).

[asl970]

All about the virus database :
* is it me, or is there no warning pop-up when your virus database gets outdated?
* so, a configurable option to be warned, or not, if the database gets outdated.
* a configurable delay (in hours or days) after which the database is considered outdated.
* the release date of the database rather than the version should be displayed in the summary tab.
* the release date of the database could be displayed when hoovering the orange ball in the systray.

(the version number of the virus database, like '12125-0', is quite useless for the basic user,
so making this number available in the 'maintenance'>'update' tab should be enough)

you are missing 1 more number,
the virus definitions version: is yymmdd-(version)
eg: 121126-0 = 2012-11-26 '1st update of the day'
      121126-1 = 2012-11-26 '2nd update of the day'
     

[vikz_89]

Hey Guys,

Hope this is the right forum to post some suggestions regarding the upcoming version.

One feature, that I would love to see in Avast! 8 would be having the Behavior Shield to be more interactive and more active something like (perhaps) Threat Fire. 

I agree, that having it too interactive will make it rather chatty  , but perhaps, may be 'if' the 'ask' option is enabled (in behavior shield module), than maybe the 'advanced' users, can like see what really is happening. (behavior shield being active, than being rather very very silent in the background)  . Maybe like just get a small pop-up, telling that behavior shield is analyzing something (something like Symantec Norton's S.O.N.A.R small check box spinning, and then a red for bad reputation, green for good, and black for unknown)

Another thing, (just a minor thing), perhaps would be to have the File Reputation Warning more often, as like something in Kaspersky, where we can view (right click), like whether it is safe or still unknown, and then maybe have a suggestion, as to what other fellow Avast! users are doing with such file. .

Besides that, I really love the current Avast! 7, it really has improved from its predecessors. Keep up the good work guys! 

PS - I am a newbie, so do forgive me if some of my suggestions have already been voiced. Sorry. Good Day all. 

[Dch48]

For me in AIS 8, I would love to see Firewall rules cleanup, better Behavior Shield, improved whitelisting in all shields, and the retention of almost completely silent protection. You could dump WebRep for all I care.

[jefferson santiago]

Hello everyone on the forum.
avast does not scan the windows registry, avast scans several places, the local disk, removable drive, system volume information, the folder windows etc.porém avast does not scan the keys and values ​​of the windows regedit, it does not have the scanning either the fast or the complete system, not even in scanning custom.is something really serious because many end up hiding rootkits this lugar.se I have more suggestion to implement'm sending.
 

[Coolmario88]

I think avast should scan the registry..  Maybe add a "Registry Scan" Feature?

[jefferson santiago]

as the policy is not avast Hips, how would detect it against Rogues software (fake antivirus), already exists fake antivirus for Windows 8





Windows 8 was officially launched last Friday, October 26, and a few days after the first fake antivirus for the new operating system has begun to circulate on the Internet.
  the program has the same concept of fake antivirus previous aimed Microsoft systems such as Windows XP and Windows 7.
The company identified the threat as "TROJ_FAKEAV.EHM" and would be the first fake antivirus for Windows 8.
The malware displays a fake result of a scan on the files, which takes users to buy a fake antivirus program that claims to have been developed specifically for Windows 8.
Typically, sites infected with malicious JavaScript can lead users to a page containing a fake antivirus, known for turning PCs into hostages and used in attacks by zombie networks.
Other viruses found by the company are phishing messages that arrive by e-mail offering a free upgrade to Windows 8. However, the user is directed to a site where personal data are requested, which can be used for various illegal purposes.

the module of avast behavior must rely on whitelist and blacklist, whitelist and blacklist applications.
needs improvement for detecting those threats said the last minute - and too recent for which there are no signatures that detect.

[igor]

I think avast should scan the registry..  Maybe add a "Registry Scan" Feature?

And what exactly is a "registry scan"?
Malware cannot place itself into registry. It can point specific registry keys to its files on disk (so that they are automatically started) - and those keys are already processed and cleaned by avast!.

[khasa]

The new Avast 8 should be up to date with how malware spreads today. Nowadays the majority of malware spreads through websites (driveby, exploits etc),. Then we have malware spreading by USB and by downloading files.

Suggestions:

1) Make heurestic detections a lot better and smarter. I do not know exactly how as I am not familiar with how Avast heurestics exactly work, but today signatures are mostly useless. Antiviruses must work on heurestics to find malware. By making heruestic detections better it also means making the behaviour shield better.

2) Whenever you download a file, you can see how many other Avast users use it and first time it was seen. That way you get some reputation statistics. This helps a lot, especially when you for example thought you downloaded Avast free but in reality it's a trojan that like only 10 people have got. Before anyone mentions sandbox I just want to say some apps do not work in sandbox but you still want to run them.

3) A lot of malware nowadays gets through by the web. Therefore improvements to the web defense and WebRep. For example, ability to report websites directly through webrep that send out malware and that Avast dont catch. Smarter web defense so that drive by's and such can be found.

4) Defense against USB autorun. Yes, I know Avast autoscans USB. But what if there is USB autorun that Avast does not know is a malware because it's not in the signatures and heureustics does not detect it? Ability to "immunize" by completely blocking autoruns or Avast quickly stopping all autoruns when USB is inserted.

5) Switch the flash statisics in Avast with another system. I for example do not use Flash and this means I can't see the statistics

6) Malware are getting smarter and today they manage to hide in different places, for example MBR and such. Even by reformatting you won't remove them. Introduce features to combat these new hiding techniques. It does not matter if Avast can't remove them, atleast notify me so I can manually remove them. I am aware Avast already has some protection against this, but as this is increasing it won't be bad for Avast team to keep this in mind.

[Lisandro]

I am not familiar with how Avast heurestics exactly work

Rules that are checked.

but today signatures are mostly useless

Myth. There are also generic signatures that could manage a lot of viruses families.

Antiviruses must work on heurestics to find malware.

avast! uses heuristics (a "magic" term used in very different meanings...).

2) Whenever you download a file, you can see how many other Avast users use it and first time it was seen. That way you get some reputation statistics. This helps a lot, especially when you for example thought you downloaded Avast free but in reality it's a trojan that like only 10 people have got. Before anyone mentions sandbox I just want to say some apps do not work in sandbox but you still want to run them.

FileRep does exactly this automatically.

3) A lot of malware nowadays gets through by the web. Therefore improvements to the web defense and WebRep. For example, ability to report websites directly through webrep that send out malware and that Avast dont catch. Smarter web defense so that drive by's and such can be found.

In fact, the protection resides on Web Shield and Net Shield (and not on WebRep).

[Alikhan]

Make the script shield update through the virus database, that way when browsers update, you could fix it with a simple virus update.

[khasa]

Myth. There are also generic signatures that could manage a lot of viruses families.

I do not agree with it being a myth. Malware that only goes to a selected amount of people are increasing and those are hard to catch. Signatures usually will not catch that. New malwares get signatures too late, and there are many new malwares getting released daily. Therefore, signatures are not effective against new and unknown viruses. By the way I said "mostly", but I didn't say they are useless completely.

Also I would like to say generic signatures are kind of (in my opinion) part of heurestics, so that approach is good.

FileRep does exactly this automatically.

 Where can I see this? I think you mean it does it by itself, but I want to personally see the statistics myself before I open the file.

In fact, the protection resides on Web Shield and Net Shield (and not on WebRep).

 But even WebRep provides protection somewhat, even if not on the same level as Web Shield & Net Shield. When I said about the ability to report I meant having a button or something through Webrep.

Thanks for your inputs btw

[Lisandro]

New malwares get signatures too late

Sure. For this there are FileRep and behavior analysis, and also, the streaming updates of the virus definitions several times a day.

Where can I see this? I think you mean it does it by itself, but I want to personally see the statistics myself before I open the file.

You can search the forum and also the blog for FileRep. There are descriptions of how it works.
It's an automated process (you won't the statistic numbers but the final result on the AutoSandbox).

But even WebRep provides protection somewhat, even if not on the same level as Web Shield & Net Shield.

WebRep does not provide protection, only reputation based on users votes. It's not a security feature by itself.

[DavidR]

Well the WebRep does have the Phishing filter and also the SiteCorrect function embedded into it. So something over and above just the user site reputation side of it.