Author Topic: Heuristics  (Read 12863 times)

0 Members and 1 Guest are viewing this topic.

kalpik

  • Guest
Heuristics
« on: April 27, 2005, 04:13:28 AM »
Hi!

Is it true that Avast does not have any Heuristics scanning engine? If thats true, its very alarming! Cuz Heuristics is the first defence against unknown virii! I think even AVG has Heuristics scanning (though i have personally seen that Avast is a MUCH MUCH better AV than AVG). If Avast does not have this feature, it should be the first post an the Wishlist!!

Kalpik

Staind

  • Guest
Re: Heuristics
« Reply #1 on: April 27, 2005, 04:20:43 AM »
Well, it does but it doesn't. It does I believe have generic scanning for trojans, but in terms of a true heuristic program - no, this has been discussed on the forums.  There are several pros, but also several cons, to having a heuristics.

kalpik

  • Guest
Re: Heuristics
« Reply #2 on: April 27, 2005, 04:24:30 AM »
Hi!

Could you please explain all the cons of having Heuristics? Your help is appreciated.

Kalpik

TAP

  • Guest
Re: Heuristics
« Reply #3 on: April 27, 2005, 04:27:59 AM »
As far as I know Avast has no heuristics in its on-demand/on-access scanner but Avast has so-called heuristics in its e-mail scanner (Internet mail and Outlook/Exchange) to fight agianst fast-spreading e-mail worm (it really works in the real-world and save me several time) but I think Avast's heuristics is not the true heuristics in antivirus scence.

Althought Avast has no true heuristics but it has other method to fight against unknown malware such as generic detection of trojan.

Please read this thread and you will find what you want to know.  :)

http://forum.avast.com/index.php?board=2;action=display;threadid=4979
« Last Edit: April 27, 2005, 04:37:05 AM by TAP »

MFB

  • Guest
Re: Heuristics
« Reply #4 on: April 27, 2005, 04:34:57 AM »
True, McAfee uses these heuristics techinque as well, Panda uses this Tru prevent technology to detect unknown viruses.  I don't really mind if Avast! dosn't have heuristics as long as we get updates daily.

TAP

  • Guest
Re: Heuristics
« Reply #5 on: April 27, 2005, 04:58:18 AM »
I don't really mind if Avast! dosn't have heuristics as long as we get updates daily.

Unfortunately, Avast has always been simply underrated by some people just because of Avast has no so-called heuristics, it has fancy skins, it has sounds and it has the free version.
« Last Edit: April 27, 2005, 05:07:43 AM by TAP »

MFB

  • Guest
Re: Heuristics
« Reply #6 on: April 27, 2005, 05:08:50 AM »
I love the skins ( my favorite is the bionic avast ;) ) And the sound is always enjoyable to hear.  (yes including the virus detected one  ;D.  So what if it dosn't have heuristics?  People should know that it's one of the best antivrus that has different shields and has staff working hard to make virus signature files for updates.
« Last Edit: April 27, 2005, 05:16:16 AM by MFB »

Offline RejZoR

  • Polymorphic Sheep
  • Serious Graphoman
  • *****
  • Posts: 9406
  • We are supersheep, resistance is futile!
    • RejZoR's Flock of Sheep
Re: Heuristics
« Reply #7 on: April 27, 2005, 10:14:02 AM »
Heuristics have a big potential,especially for AV that is not so well known (so virii writers don't fool its heuristics). Just look at NOD32. I had doubts about heuristics until i tried it. Same with ArcaVir 2005. Detected brand new worm before they had defs for it. And even if heuristics detect only few samples it's still better than nothing.
Visit my webpage Angry Sheep Blog

TAP

  • Guest
Re: Heuristics
« Reply #8 on: April 27, 2005, 12:09:36 PM »
And even if heuristics detect only few samples it's still better than nothing.

I totally agree.

And even so-called heuristics in e-mail scanner of Avast can detect potential dangerous extensions in file attachment I've seen this several times.

I'm just curious, if Avast doesn't implement traditional heuristics like other AVs so is there any plan to develop other proactive detection for Avast, something like advanced generic detection?  ;D ;D ;D

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88897
  • No support PMs thanks
Re: Heuristics
« Reply #9 on: April 27, 2005, 01:09:58 PM »
The biggest concern of anyone introducing Heuristics is false positives and inexperienced users who will delete the file that the virus was detected in. This can have huge potential implications on the users system.

Perhaps a means of getting round this is to have two Alarms and actions, Heuristic and Signature detected. Then to correctly identify the warning as a Heuristic detection and perhaps move it to the chest rather than allow for auto/user deletion.

This could be similar to the email heuristic warning, but that warning is very ineffective as many who post here don't realise the difference and delete emails regardless of the fact that it is pointed out it is just Suspicious and not positively identified as infected.

There have been similar requests on the forums to have a different Warning Alarm for Web Shield detection, because that says there is a virus on your computer (and it won't be if you abort the connection) and many people have spent a lot of time trying to find it on their computer.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline RejZoR

  • Polymorphic Sheep
  • Serious Graphoman
  • *****
  • Posts: 9406
  • We are supersheep, resistance is futile!
    • RejZoR's Flock of Sheep
Re: Heuristics
« Reply #10 on: April 27, 2005, 01:20:01 PM »
But lets face it,Alwil will have to impliment some form of heuristics soon or later.
Signatures are ok,but in these days,certanly not enough.
Visit my webpage Angry Sheep Blog

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88897
  • No support PMs thanks
Re: Heuristics
« Reply #11 on: April 27, 2005, 01:42:08 PM »
I totally agree that it will have to happen. My reference to Signatures was mearly to show the different method of detection, known Vs possible (Signature V Heuristics)
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re: Heuristics
« Reply #12 on: April 27, 2005, 01:54:48 PM »
The biggest concern of anyone introducing Heuristics is false positives and inexperienced users who will delete the file that the virus was detected in. This can have huge potential implications on the users system.
Yeah... But, sometimes, the signatures bring false positives as much as heuristics would  :P

Heuristics have a big potential,especially for AV that is not so well known (so virii writers don't fool its heuristics). Just look at NOD32. I had doubts about heuristics until i tried it. Same with ArcaVir 2005. Detected brand new worm before they had defs for it. And even if heuristics detect only few samples it's still better than nothing.
In fact. But, I have some experiences on it... Promisses more than could realise. Better detection are just side by side of false positives. I do believe in fast updating and avast! can't be better on it. Well, it could be better on adding signatures that, nowadays, were not that fast anymore  :'(

Perhaps a means of getting round this is to have two Alarms and actions, Heuristic and Signature detected. Then to correctly identify the warning as a Heuristic detection and perhaps move it to the chest rather than allow for auto/user deletion.

This could be similar to the email heuristic warning, but that warning is very ineffective as many who post here don't realise the difference and delete emails regardless of the fact that it is pointed out it is just Suspicious and not positively identified as infected. There have been similar requests on the forums to have a different Warning Alarm for Web Shield detection, because that says there is a virus on your computer (and it won't be if you abort the connection) and many people have spent a lot of time trying to find it on their computer.
Good suggestions... I hope it won't be lost into the jungle of the forum threads  :-\ :'(
The best things in life are free.

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88897
  • No support PMs thanks
Re: Heuristics
« Reply #13 on: April 27, 2005, 02:26:09 PM »
Your putting my words into RejZors mouth ;D

Perhaps a means of getting round this is to have two Alarms and actions, Heuristic and Signature detected. Then to correctly identify the warning as a Heuristic detection and perhaps move it to the chest rather than allow for auto/user deletion.

This could be similar to the email heuristic warning, but that warning is very ineffective as many who post here don't realise the difference and delete emails regardless of the fact that it is pointed out it is just Suspicious and not positively identified as infected. There have been similar requests on the forums to have a different Warning Alarm for Web Shield detection, because that says there is a virus on your computer (and it won't be if you abort the connection) and many people have spent a lot of time trying to find it on their computer.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

kalpik

  • Guest
Re: Heuristics
« Reply #14 on: April 27, 2005, 02:33:26 PM »
Are the people at Alwil listening!!!!