I know it's a long shot, but it would be nice if you could provide a CyberCapture webpage with some statistics on how the service is operating, what the malware hit ratio is, and other interesting statistics about it. So we can kinda see how many received files are marked as malicious, how many were found clean, what countries have the most new detected malware through the system and all that.
Good idea. It would be kind of cool. And similarly, on an individual file level (so that YOU, as the contributor, could check the status of your files in real time).
I would like to know what it does (if anything at all) with web-based email as that is http(s).
This scenario is already covered.
I suppose the hash is done on the server side.
Hashing is known as an intensive action for big archives.
Won't it slow down HTTPS browsing?
Is there an archive size limit?
How would you know if prevalence =0 without hashing every single file in the HTTPS traffic?
Hashes are always done on client side, of course. That's the whole point -- so that we don't need to update files that we already have / know about.
I wouldn't be concerned about any slowdowns caused by the calculation of the hash. In fact, in our implementation, we compute the hash "on the fly", as the file is being downloaded. I.e. every time a chunk of data is fetched from the network, we update the hash, so there's no need to calculate the whole hash when the download completes; we already have it by then.
There's no file size limit per se.
1. What is this Nitro update feature? How is it going to be any different than the streaming updates? This is more confusing.
Nitro is a name we have given to the latest version of Avast (not a name of a feature), to emphasize the effort we have spent on making it faster and leaner. Internally, for us it also means some other changes and I will be communicating these in the forum soon... I think you will like it.
2. I agree that CyberCapture is a strong feature. But then the same thing was being done by IQ community sensors but with a delay. So is this thing any different than that? Or the IQ community is now being put to use after years of usage?
There's a number of differences. The one most important from the protection point of view is its synchronous nature. I.e. we actually don't allow the captured file to run until a definitive decision is made. CyberCapture also helped us here in the Threat Labs to streamline a number of processes and get better at detecting stuff.
3. Any limitations to the file size that CyberCapture may upload to your servers?
See above, no.
4. Are the sandbox and CyberCapture now one and the same? If not, what's the difference? Analysis on the user's machine and analysis in the cloud is the only difference.
Sandbox (DeepScreen) is a part of CyberCapture. We use it both locally (on the user's computer -- to filter out the most obvious malware) and also on the backend (in a controlled environment, with full NG support and much more time to play with it).
Thanks
Vlk
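The on-the-fly hashing described in the reply above, as an added example that is not part of the original posts and is not Avast's code: the digest is updated as each chunk arrives, so it is ready the moment the download ends, and an interrupted download never yields a digest. SHA-256, the `HashingStream` class, the `KNOWN_HASHES` set (a local stand-in for a "files we already know about" lookup) and the sample bytes are all assumptions made for illustration.

```python
import hashlib
from typing import Iterable, Iterator, Tuple

# Constructed stand-in for a lookup of already-known files (assumption).
KNOWN_HASHES = {hashlib.sha256(b"well-known installer bytes").hexdigest()}


class HashingStream:
    """Wraps a chunk source and updates a digest as each chunk passes through."""

    def __init__(self, chunks: Iterable[bytes], algorithm: str = "sha256"):
        self._chunks = chunks
        self._hash = hashlib.new(algorithm)
        self.size = 0
        self.complete = False

    def __iter__(self) -> Iterator[bytes]:
        for chunk in self._chunks:
            self._hash.update(chunk)   # cost is spread across the transfer
            self.size += len(chunk)
            yield chunk
        self.complete = True           # only set if the source ran to the end

    def hexdigest(self) -> str:
        # Refuse to report a digest that covers only part of the file.
        if not self.complete:
            raise RuntimeError("download incomplete; digest would be partial")
        return self._hash.hexdigest()


def download_and_classify(chunks: Iterable[bytes], sink: bytearray) -> Tuple[str, str]:
    """Write chunks to sink while hashing; return (digest, 'known'|'unknown')."""
    stream = HashingStream(chunks)
    for chunk in stream:
        sink.extend(chunk)             # the normal "save to disk" path
    digest = stream.hexdigest()        # no second pass over the file
    verdict = "known" if digest in KNOWN_HASHES else "unknown"
    return digest, verdict


def split(data: bytes, n: int):
    """Constructed helper: cut sample data into network-sized chunks."""
    return [data[i:i + n] for i in range(0, len(data), n)]


if __name__ == "__main__":
    out = bytearray()
    print(download_and_classify(split(b"never seen before", 4), out))
```
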