Author Topic: Poor scores At AV-Tests,what's going on avast?  (Read 13330 times)

0 Members and 1 Guest are viewing this topic.

Offline True Indian

  • Malware Hunter
  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 710
  • A Good Old Indian!
Poor scores At AV-Tests,what's going on avast?
« on: March 26, 2014, 03:59:18 AM »
This is the second time this has happened...Last time Vlk had valid explaination of cloud stability issues affecting avast scores.What happened here this time I was expecting the usual 4.5/5.0 or even better scores.

http://www.av-test.org/en/tests/home-user/windows-7/janfeb-2014/

Anyone from avast! team can shed light on this topic please?

Offline RejZoR

  • Polymorphic Sheep
  • Serious Graphoman
  • *****
  • Posts: 9359
  • We are supersheep, resistance is futile!
    • RejZoR's Flock of Sheep
Re: Poor scores At AV-Tests,what's going on avast?
« Reply #1 on: March 26, 2014, 08:53:55 AM »
Well, even though last time Vlk explained it, i found that even more concerning actually. A protection so dramatically affected by the cloud problems and what's worst about it, user has no clue it is happening in the background. You expect some subsystem to give you superior protection, but you don't even know it's actually not operational. And that i find as a huge problem. I don't know how long their problems lasted or how big they were, but if they were big enough to affect the test results, they are concerning for me as well.
Visit my webpage Angry Sheep Blog

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 36992

Offline True Indian

  • Malware Hunter
  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 710
  • A Good Old Indian!
Re: Poor scores At AV-Tests,what's going on avast?
« Reply #3 on: March 26, 2014, 11:25:33 AM »
Rejzor,it is no surprise with the amount of malware coming everyday any AV will suffer without cloud modules.Forgot Avira scores few months/years back without the cloud stuff.

There is no such backend server that can keep up with everything,so even evo-gen also had to go behind with no suprise.

Rejzor,I still test avast very little sometimes and with no doubt evo-gen and other modules are still on the radar.They still detect quite a lot of malware.

Remember,if you extract samples with avast on evo-gen is going to pick up on them during extraction and then no evo-gen on execution still evo-gen is pretty effective.

People fail to understand that now evo-gen is more embedded into on-access scanning system and no more to on-execution.I am sure the offline system will get stronger with dyna-gen and DBT (Already under development).

No wonder Naren and I had weird problems with the cloud detections...Thanks avast! team for the explaination over here:
http://forum.avast.com/index.php?topic=147986.msg1075601#msg1075601

Looking forward to much better protection in upcoming months.
« Last Edit: March 26, 2014, 11:41:05 AM by True Indian »

Offline Secondmineboy

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3651
Re: Poor scores At AV-Tests,what's going on avast?
« Reply #4 on: March 26, 2014, 11:35:52 AM »
True Indian, what do you mean with DBT?
Windows 10 1909, 4 GB DDR3 RAM, 500 GB 5400 RPM HDD, 1366 by 768 LCD Screen, Intel Core i3 5010U Dual Core, Intel HD Graphics 5500
HUAWEI P30 Pro. Android 10

Offline True Indian

  • Malware Hunter
  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 710
  • A Good Old Indian!
Re: Poor scores At AV-Tests,what's going on avast?
« Reply #5 on: March 26, 2014, 11:37:27 AM »
True Indian, what do you mean with DBT?

Dynamic Binary translation...

Offline Secondmineboy

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3651
Re: Poor scores At AV-Tests,what's going on avast?
« Reply #6 on: March 26, 2014, 11:38:38 AM »
Okay.

I cant wait to check that out. Also Dyna-Gen will be fun to test out. :)
Windows 10 1909, 4 GB DDR3 RAM, 500 GB 5400 RPM HDD, 1366 by 768 LCD Screen, Intel Core i3 5010U Dual Core, Intel HD Graphics 5500
HUAWEI P30 Pro. Android 10

Offline True Indian

  • Malware Hunter
  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 710
  • A Good Old Indian!
Re: Poor scores At AV-Tests,what's going on avast?
« Reply #7 on: March 26, 2014, 11:42:31 AM »
Okay.

I cant wait to check that out. Also Dyna-Gen will be fun to test out. :)

DBT is already being used...detections come with the name Sf as initial...They are still bettering it though..

DBT sigs look like this:
Sf:Zbot-A[Trj]

They are adding a few of these everyday check the virus update history.

Remember,these detections come from deepscreen module.

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 69914
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Win 8.1 [x64] - Avast PremSec 21.3.2458.Beta3 [UI.610] - EEK - Firefox ESR 78.9 [NS/uBO/PB] - TB 78.9
Avast-Tools: Secure Browser 89.1 - Cleanup 21.1 - SecureLine 5.10 - Driver Updater 21.1 - CCleaner 5.78
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline Secondmineboy

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3651
Re: Poor scores At AV-Tests,what's going on avast?
« Reply #9 on: March 26, 2014, 11:46:14 AM »
Okay.

One more thing learned today. :)

But i think it will getter over time. Deepscreen got better over the newer versions. But there is still a lot of work
to do.
Windows 10 1909, 4 GB DDR3 RAM, 500 GB 5400 RPM HDD, 1366 by 768 LCD Screen, Intel Core i3 5010U Dual Core, Intel HD Graphics 5500
HUAWEI P30 Pro. Android 10

Offline NON

  • Japanese User
  • Avast Überevangelist
  • Ultra Poster
  • *****
  • Posts: 4704
  • Whatever will be, will be.
Re: Poor scores At AV-Tests,what's going on avast?
« Reply #10 on: March 27, 2014, 01:37:00 AM »
DBT is already being used...detections come with the name Sf as initial...They are still bettering it though..

DBT sigs look like this:
Sf:Zbot-A[Trj]

They are adding a few of these everyday check the virus update history.

Remember,these detections come from deepscreen module.
Sf detections have been added since several years ago, since the launch of the v5 if I remembered correctly.
And Sf are also detected via normal scanning, at least I saw it around 2011 during malware testing.

So I consider Sf detection are based on Code Emulator. Of course, integration of dynamic binary translation into code emulator is the most probable.
« Last Edit: March 27, 2014, 01:39:20 AM by NON »
Main: Win10 Pro 20H2 64bit / Core i5-7400 3.0GHz / 16GB RAM / Avast 21 Premier Beta / Evorim Free Firewall (testing)
Mobile: Win10 Pro 20H2 32bit, Vista SP2 32bit / Core 2 Duo SU9300 1.2GHz / 4GB RAM / Avast 20 Free / Windows Firewall Control

Avast の設定について解説しています。よろしければご覧ください。

Offline RejZoR

  • Polymorphic Sheep
  • Serious Graphoman
  • *****
  • Posts: 9359
  • We are supersheep, resistance is futile!
    • RejZoR's Flock of Sheep
Re: Poor scores At AV-Tests,what's going on avast?
« Reply #11 on: March 28, 2014, 07:24:02 AM »
True Indian, what do you mean with DBT?

Then how come Panda Cloud Free scores fantastic results every single time in tests? It's also heavily dependent on cloud, yet it works perfectly. It was also among the very best in the latest AV-Test.
Visit my webpage Angry Sheep Blog

Offline True Indian

  • Malware Hunter
  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 710
  • A Good Old Indian!
Re: Poor scores At AV-Tests,what's going on avast?
« Reply #12 on: March 28, 2014, 09:52:56 AM »
Sf detections have been added since several years ago, since the launch of the v5 if I remembered correctly.
And Sf are also detected via normal scanning, at least I saw it around 2011 during malware testing.

So I consider Sf detection are based on Code Emulator. Of course, integration of dynamic binary translation into code emulator is the most probable.

No,since v5 they were there but not added so often as now and they werent active as of now what avast blog article tells me is safemachine 2 has been launched couple years back so I am guessing its from v6 and they were working on it since then.

I have seen Sf detections from the avast deepscreen module and that is the reason I am confident its that.Plus,3 or 4 years back I never saw it in the sandbox neither it came in vps update history and it came very rarely.

Read: https://blog.avast.com/2014/02/07/research-buzz-undercover-technology/

This technology was fired up only in the start of this year and they are bettering it since then.Although Sf has been there even before it was very basic and very rarely added detection.Since end of feb I am seeing in every alternate VPS.

Rej,Panda is a full cloud AV.There is a difference when you are exclusively working on 1 technology and plus I am sure they have more attention to their cloud whereas avast has to see both home-made as well as cloud and also develop new protection modules.
« Last Edit: March 28, 2014, 09:56:55 AM by True Indian »

Offline zerotox

  • Jr. Member
  • **
  • Posts: 49
Re: Poor scores At AV-Tests,what's going on avast?
« Reply #13 on: March 28, 2014, 10:55:01 AM »
True Indian, I respect your poised opinion. But which of the new technologies are working OK in Avast , not buggy and unstable at times. Yes, other vendors also introduce new technologies but not at the expense of bugs and instability. And now this back-end issue that seems to have been present about 2 months without the user being aware - what is worse - the results in a test like AV (which I consider a joke, especially the performance part) or the false sense of security in users, thinking that everything in their AV is working as it should, the green tick is there, you are protected.
Windows 8.1 with Media Center 32 bit
Windows Firewall on; UAC maxed out; SRP disallowed
Real time: Avast IS 2015

Offline RejZoR

  • Polymorphic Sheep
  • Serious Graphoman
  • *****
  • Posts: 9359
  • We are supersheep, resistance is futile!
    • RejZoR's Flock of Sheep
Re: Poor scores At AV-Tests,what's going on avast?
« Reply #14 on: March 28, 2014, 10:59:35 AM »
Does it? Panda Cloud is NOT just cloud AV. They also cache local definitions, they also offer local behavior analyzer and blocker.

I've noticed a trend with avast! where they have bunch of really awesome ideas all the time, but they rarely make them useful in the end. Or they don't appear so to the end user. Behavior Shield. We thought we'd finally see behavior blocker in avast!. And it turned out to do exactly nothing at all. Autosandbox when it was introduced, didn't yield much results and hardly anyone has ever seen it detect anything. Then it was a brief time of awesome sightings of Autosandbox detections for like 1 month and then it all went silent. DeepScreen was introduced and since it's introduction, just like with Autosandbox, we haven't seen much of it's detections. A lot of "Analyzing" popups and hardly any detection. Then there were several upgrades with hardly any effects. Their statistics may say otherwise, but seeing it work in the wild is another thing. Only thing that actually seems to work is Evo-Gen. I just don't understand what's going on in there. What's the cause of all the bright ideas to never function in real world. Or i just set the expectations too high. But then again i had the same expectations for Bitdefender and Kaspersky and look where they are constantly in the tests...
Visit my webpage Angry Sheep Blog