Author Topic: I was becoming worried, shocked with avast!... There is a hope anyway...  (Read 32496 times)

0 Members and 1 Guest are viewing this topic.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67185
What's going on with lack of detection?

Spyware.BingoFun, Spyware.NavExcel, Heuristic.Win32.Hijacker1, TrojanDownloader.Small.Go, Backdoor.Padodor.az, BackDoor.Generic.GAX, BackDoor.Generic.GGC, TrojanDownloader.Agent.ho, TrojanDownloader.Small.bcu, TrojanDownloader.Small.bcv,
MISSED  :o (http://forum.avast.com/index.php?topic=15091.msg127347#msg127347)

wmram.exe
MISSED  :o (http://forum.avast.com/index.php?topic=15277.msg128630#msg128630)

Win32 Tenga
MISSED  :o (http://forum.avast.com/index.php?topic=15300.msg128814#msg128814)

I'm being unfare, folks?
One of my computers get infected last week, a lot of time lost... No answers, I'm becoming disapointed!  :(
« Last Edit: August 03, 2005, 01:59:13 PM by Tech »
The best things in life are free.

MFB

  • Guest
Re: I'm becoming worried, shocked with avast!
« Reply #1 on: July 27, 2005, 06:03:28 AM »
Did alwil changed their email or something?  Anti-Vir detected a Trojan and I send alwil a possible Trojan about almost two months ago and no response.  I then send the infected file to anti-vir and they told me it was a false positive the next day.  I understand it's hard to keep and maintain the software and trying to find new problems, but they should at least consider the emails they get about new possible threats.  They don't have to respond to us (as long as it's not false positive) as long as they put the new virus in the database.  I'm not giving up on avast! since this program is longest software I ever kept since McAfee.   ;D

Offline RejZoR

  • Polymorphic Sheep
  • Serious Graphoman
  • *****
  • Posts: 9412
  • We are supersheep, resistance is futile!
    • RejZoR's Flock of Sheep
Re: I'm becoming worried, shocked with avast!
« Reply #2 on: July 27, 2005, 09:07:08 AM »
I share the same opinion with you Tech. I'm a pro and AV is just a second line of defense when my brain fails to detect something,but i do regulary submit malware.
Alwil guys will have to change something about this. They do add samples,but thats way way too slow. If i understrand correctly,only Karel keeps his hands over VPS updates so this is probably the main reason. Macro viruses are covered by some other guru,but they aren't as common as Win32 stuff.
I was on McAfee for some time and i just loved their way of handling submitted malware. Uploaded it through their submission mechanism WebImmune and i usually got response in 6 hours or next day for sure. If it was indeed malware,they added it next day or even right away if i submited it before their DAT release.
Now Chest is kinda ok when you get used to it,but it doesn't really serve it's purpose since avast! doesn't have any heuristics. Trojan-gen false positives are common,but usually not the reason to use Chest.
Second thing is that you have to use your own SMTP engine for submission.
Many people just gave up before they even learn that they have to enter that info.
Explaining to every user how to pack into ZIP and password protect it and blabla is also annoying. But even if you guys impliment some kind of web uploading form that submits directly without need to pack and password protect stuff you'll still have to regulary check all files and add them asap.
You don't have any proactive protection(ok,except mail),so you have to use Kaspersky way of handling malware (raw signature detection strengt).
avast! functionality is way over any other product,but main purpos (detection) is the thing that makes me worried about avast!. It's ok,but nothing that would launch it to the top. It just gets lost between others :(
Visit my webpage Angry Sheep Blog

darth.mikey

  • Guest
Re: I'm becoming worried, shocked with avast!
« Reply #3 on: July 27, 2005, 09:11:45 AM »
So it looks like they are undermaned or what?

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 34047
  • malware fighter
Re: I'm becoming worried, shocked with avast!
« Reply #4 on: July 27, 2005, 09:39:59 AM »
Hello ye all,

Well stay on top of it. Avast is a too good product to loose out on this.
Personally close the vulnerability gap. Download stinger.exe. And screen your oses for the latest vulnerabilities. I hope AVAST will keep sharp, play on the ball.

greets,

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31073
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re: I'm becoming worried, shocked with avast!
« Reply #5 on: July 27, 2005, 02:48:43 PM »
Submitted a sample a few months ago.
It took a month before it was in the vps.
But with next vps it was removed because it caused a false positive.
It was never added again after that.

I could be wrong, but I believe that Alwil needs to put more people on the vps.

TAP

  • Guest
Re: I'm becoming worried, shocked with avast!
« Reply #6 on: July 27, 2005, 03:55:24 PM »
About proactive protection, personally, I've used Kerio Personal Firewall with its Behavior blocking (similar to Prevx but less intrusive on system performance). This feature gives a good level of proactive protection by control over any starting/modify applications (including malware) on you system.

I think the Blocker in Standard Shield has high potential to be a powerful proactive protection of avast!, so I hope that Alwil team will put more improvement into Blocker in the future.

Sometimes I doubt why Alwil seems to ignore heuristics, while other AVs such as NOD32, BitDefender, Norman, AntiVir, ArcaVir are improving their beloved heuristics like crazy and use it as superb marketing point to convince people that their AVs are better than others (such as avast! that has no heuristics).

Offline rdsu

  • Avast Evangelist
  • Poster
  • ***
  • Posts: 534
  • ...
Re: I'm becoming worried, shocked with avast!
« Reply #7 on: July 27, 2005, 04:05:14 PM »
The avast! is a good product, but I never field safe with it, and some reasons are already reported here...
Some of them I already tried to discuss here without success, since some of you are avast! fanatic users, but now it seems that something changed...

Hope the best for avast! team.
Avast Free Antivirus: Web Shield & Home Network Security.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 34047
  • malware fighter
Re: I'm becoming worried, shocked with avast!
« Reply #8 on: July 27, 2005, 04:07:18 PM »
Hi TAP,

That is why I have installed SSM from narod.ru to have a good system protection and monitor application. It is still free for home users and this version expires December 2005. I am quite happy with it. You can also use a heuristic scanner, but there you have the big disadvantage of a lot of false positives (F-prot DOS version etc). Use the standalone tools like stinger.exe etc. and you are fairly well protected. Today a security solution is a multi-layer thing: AV, Firewall, Anti-Malware, Anti-Trojan, Intrusion Detection and a brain. Still a lot of  normal Pops and Moms still click yes, and if that does do the trick, there is always the possibility to click no, and you can do that with two sides of the browser.

greets,

polonus

Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline RejZoR

  • Polymorphic Sheep
  • Serious Graphoman
  • *****
  • Posts: 9412
  • We are supersheep, resistance is futile!
    • RejZoR's Flock of Sheep
Re: I'm becoming worried, shocked with avast!
« Reply #9 on: July 27, 2005, 04:20:28 PM »
Being a fanatic user is just plain stupid. Why defending a product when it's certanly not as good as it could be? And at this point i'm disapointed with avast! detection or shall we say their interest of adding submitted malware...
Visit my webpage Angry Sheep Blog

Offline Tonanet

  • Sr. Member
  • ****
  • Posts: 353
  • I'm a llama!
Re: I'm becoming worried, shocked with avast!
« Reply #10 on: July 27, 2005, 07:08:58 PM »
Yeah,

Sorry, but I have to agree. I cant fell safe with Avast!. For a number of reasons:

1- It take too long time to a malware be added to the VPS. I keep sending samples to AVG and Avast. Avg usually adds in the next update (no more than 24 hours, sometimes a lot less, like 4 hours). Avast gets at last a week in most cases.

2- In my experience, even without the heuristics, Avast seems to cause more false positives than any other AV that me or any of my clients had used. Avast caused me 4 false positives, while AVG and Norton caused me only one... Mcafee,Panda,Nod32 never did... At last to me.

3- I had installed Avast in almost all my clients, unfortunatly I had to uninstall it and then install AVG, just to find out all the infections that Avast missed. And worse, just to find out that if I had installed AVG in first place, the infection wouldnt happen, because AVG could detect it.

I had to choose AVG for two reasons, first the fast way that they deal with new samples, updating the definitions of new malwares really fast. Second, AVG takes a lot less system resource than avast... wich in some cases is very decisive.

Also, AVG has a real bad fame in detection rate, but I can be sure that is just fame... It have impressed me in lot of ocasions, detecting malwares that I never thought it could be detect by AVG... (Sometimes I use mcafee online just to be sure, and just one time it found something that avg missed)

Its a shame, because I think Alwill is a company that really know how to deal with their costumers, getting their attention. Its antivirus had one of the most complete set of features (including the free version), but the main thing, the VPS gap just doesnt let it make a trustable AV.

I really hope that the VPS problem be solved. So I will be able to trust and tell to friends/clients, how good is to be protected by Avast!.

Elminster

Offline .: Mac :.

  • Avast Überevangelist
  • Ultra Poster
  • *****
  • Posts: 5092
Re: I'm becoming worried, shocked with avast!
« Reply #11 on: July 27, 2005, 08:28:08 PM »
elminster, I agree with you there is a lot of false positives in avast for an AV with no herustic abilites.
Command antivirus has a great deal of herustic ability and adds it to their Deffiles within 24hours of submission, and I have never had a false positive from it.
I run Avast on my PC and command on my Mac under VirtualPC and on my laptop.

"People who are really serious about software should make their own hardware." - Alan Kay

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 34047
  • malware fighter
Re: I'm becoming worried, shocked with avast!
« Reply #12 on: July 28, 2005, 01:22:37 AM »
Hello worried fellow-members,

Go here and read, and there you see the general situation scanner maintanance is facing. And the future looks bleak.
Read what Wilders Security has to say, and why they pulled the plug out. The days of the signature scanner as sole-defense-line are numbered, stronger solutions are to step in. It is too time consuming, too costly too, all resources are tied up, and the anti-trojan scanners are closing down one by one. Read:
http://www.wilderssecurity.com/showthread.php?t=90017
Now you know what is going on,

Have a nice day,

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

FastGame

  • Guest
Re: I'm becoming worried, shocked with avast!
« Reply #13 on: July 29, 2005, 05:51:00 PM »
Alwil knows exactly whats keeping avast! from being the top AV, Detection!

Alwil seems to be against adding Heuristics to avast!, if thats the case then one would think they'd add definitions quickly after samples are turned in.


No AV offers all that avast! does, some are better in detection.....

Quote
I'm becoming worried, shocked with avast!

Hmm just think how "shocked" and "worried" the other AV companies would be if avast! had BitDefender/NOD32 type Heuristics, or KAV fast definitions;)
« Last Edit: July 29, 2005, 05:55:17 PM by FastGame »

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67185
Re: I'm becoming worried, shocked with avast!
« Reply #14 on: July 29, 2005, 08:03:36 PM »
Please, this was not a thread about Heuristic x Non-heuristic antivirus.
This is what I don't want to discuss here.
This is what will make Alwil team does not answer to this thread.
They already said their opinion about Heuristics a lot of time.

I want another things: better detection (signatures), faster sample analysis, faster VPS updates...
Did you remember what we have months ago? Almost 20 updates a week? And now?
Worse, some are thinking I'm blaming avast...  :-\
I just want it better and I did not receive an answer... What is happening with the lack of detection?
The best things in life are free.