Poll

As new Malware are constantly Rising some Antivirus vendors such as BitDefender have developed Heuristic Detections which greatly improved their detection rates. Do you think that Avast should develop heuristics as well in order to increase its detection

Yes
27 (87.1%)
No
4 (12.9%)

Total Members Voted: 0

Author Topic: Heuristics can improve malware detection ???  (Read 17806 times)

mauserme

  • Guest
Re: Heuristics can improve malware detection ???
« Reply #15 on: December 17, 2006, 04:38:48 PM »
Norman is known for its FPs, isn't it?

I have the on demand module of Command AV (Based on F-Prot engine) and I use it as a backup scanner ...
Where can I get this, Mac?

drhayden1

  • Guest
Re: Heuristics can improve malware detection ???
« Reply #16 on: December 17, 2006, 05:56:07 PM »
keith....this could be it or maybe not ??? ???

http://www.f-prot.com/products/

http://www.commandondemand.com/
this one takes a while to load ::)
« Last Edit: December 17, 2006, 06:08:55 PM by drhayden1 »

Offline .: Mac :.

  • Avast Überevangelist
  • Ultra Poster
  • *****
  • Posts: 5093
Re: Heuristics can improve malware detection ???
« Reply #17 on: December 17, 2006, 06:24:16 PM »
You can get the Command AV app at http://www.authentium.com or use the command on demand link drhayden posted
"People who are really serious about software should make their own hardware." - Alan Kay

mauserme

  • Guest
Re: Heuristics can improve malware detection ???
« Reply #18 on: December 17, 2006, 06:34:14 PM »
Thank you both.

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11849
    • AVAST Software
Re: Heuristics can improve malware detection ???
« Reply #19 on: December 17, 2006, 08:48:09 PM »
Quote
I somehow prefer to give up bringing big new features in interim builds (currently released approx. bi-monthly) and favor the "accumulate all big new features for the next major release" model...
Alwil, and Vlk, definitively changed their mind.
Now, we're waiting for a new, big, major release and not avast 4.8 and 4.9.

Well, I believe we would include even a bigger feature if it's easily implementable - but features like heuristics require significant changes through the [existing code of the] whole program; so it might be better to rewrite some parts than change them piece by piece and introduce strange bugs this way.

mauserme

  • Guest
Re: Heuristics can improve malware detection ???
« Reply #20 on: December 17, 2006, 08:53:06 PM »
Well, I believe we would include even a bigger feature if it's easily implementable ...

Any clues as to what a bigger feature might be?

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: Heuristics can improve malware detection ???
« Reply #21 on: December 17, 2006, 11:22:26 PM »
Well, I believe we would include even a bigger feature if it's easily implementable - but features like heuristics require significant changes through the [existing code of the] whole program; so it might be better to rewrite some parts than change them piece by piece and introduce strange bugs this way.
Well... it was Vlk who told me that the policy will be getting the version 5.0 instead of slow movements through 4.8 then 4.9...
The best things in life are free.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33895
  • malware fighter
Re: Heuristics can improve malware detection ???
« Reply #22 on: December 18, 2006, 12:29:35 AM »
Hi Tech,

Was this why avast missed out on the new "PWStealer variant trojan" that malcreants were able to put on the Asus computer firm's website, so creating a drive-by download through a VBScript of this malware, so people that downloaded from that computer firm's site recently may have got infected, probably through an IE hole.

Most av scanners did not recognize this "PWStealer" variant, and avast missed it also, so there the use of some sort of heuristics may come up to protect us. Asus cleansed their webserver from this malware. The origin of the infection as of yet is unknown.
Script used: http://isc.sans.org/diary.php?storyid=1948
What scanners failed: http://www.heise-security.co.uk/bilder/82643/0/1

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: Heuristics can improve malware detection ???
« Reply #23 on: December 18, 2006, 01:58:23 AM »
Was this why avast missed out on the new "PWStealer variant trojan" that malcreants were able to put on the Asus computer firm's website, so creating a drive-by download through a VBScript of this malware, so people that downloaded from that computer firm's site recently may have got infected, probably through an IE hole.
Polonus... I fully agree that avast must improve detection (rates & methods).
I just posted what *seems* to be Vlk's mind: do a major upgrade and not small ones. Release a *big new* avast 5 instead of small builds.
But who am I to discuss this? He could post his mind better than my crystal ball here  ;D
The best things in life are free.

Martheen

  • Guest
Re: Heuristics can improve malware detection ???
« Reply #24 on: September 10, 2007, 05:50:14 PM »
I got this VBS:Solow from a computer somewhere, and then I curiously edit its content, removing the original file name in its script (the default name it will use to spread), then... avast miss it completely. So, I found out that kaspersky detects it nicely. Heuristic really needed here!

the Tester

  • Guest
Re: Heuristics can improve malware detection ???
« Reply #25 on: September 10, 2007, 07:50:57 PM »
I like the idea of heuristics being added to a future version of Avast.
Please make it adjustable (different levels like AntiVir has).
That way individuals can set it where they want.
Sandboxing wouldn't be a bad alternative. Maybe it would be more difficult to integrate?

Regarding false positives; I rarely saw any in Dr.Web or AntiVir and they were usually pretty obvious after a quick investigation.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: Heuristics can improve malware detection ???
« Reply #26 on: September 10, 2007, 08:38:25 PM »
Please make it adjustable (different levels like AntiVir has).
That way individuals can set it where they want.
Can you post a screenshot of this configuration window?
Are you referring to 'kind of malware' to be detected by Antivir... I see no reason for that configuration: I want the antivirus to block ALL kinds of malware...

Sandboxing wouldn't be a bad alternative. Maybe it would be more difficult to integrate?
Sandboxing is a work for a third party application, not integrated with the antivirus. Sorry, we do not like suites...
The best things in life are free.

Offline RejZoR

  • Polymorphic Sheep
  • Serious Graphoman
  • *****
  • Posts: 9406
  • We are supersheep, resistance is futile!
    • RejZoR's Flock of Sheep
Re: Heuristics can improve malware detection ???
« Reply #27 on: September 10, 2007, 09:48:58 PM »
He means heuristics sensitivity (i.e. Low, Medium and High options). Personally I always prefer High, especially if antivirus has good submission system. Like NOD32 and also partially AntiVir 7. avast!'s quarantine and submission is pretty much useless for now except for false positives of course.
Visit my webpage Angry Sheep Blog

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11849
    • AVAST Software
Re: Heuristics can improve malware detection ???
« Reply #28 on: September 11, 2007, 03:40:19 PM »
I got this VBS:Solow from a computer somewhere, and then I curiously edit its content, removing the original file name in its script (the default name it will use to spread), then... avast miss it completely. So, I found out that kaspersky detects it nicely. Heuristic really needed here!

This has nothing to do with heuristics (it's quite a big nonsense, actually); the fact that Kaspersky detects the modified variant, and avast! doesn't, is most likely caused by different choice of signatures.
Besides, you've just created a new version of malware (by editing the original) - so unless you really are a virus guy and start spreading this new variant, I don't really care whether it gets detected or not (you can always modify a piece of malware such that a particular antivirus doesn't detect it).
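
Added example, not part of the original thread and not any vendor's engine: a toy scanner showing how two signature choices over the same sample react differently when only the embedded file name changes, alongside a trait-scoring heuristic with the Low/Medium/High sensitivity levels mentioned in Reply #27. The sample text, signature patterns, trait weights and thresholds are all constructed for illustration.

```python
import re

# Constructed, inert text standing in for a script worm; not real malware.
ORIGINAL = (
    'drop_name = "sample_name.vbs"\n'
    "copy_self_to_removable_drives(drop_name)\n"
    "write_autorun_inf(drop_name)\n"
    "add_run_key(drop_name)\n"
)
# The edit described in the thread: only the embedded file name changes.
MODIFIED = ORIGINAL.replace("sample_name.vbs", "other_name.vbs")
# Constructed benign script (a CD menu) that shares one trait with the sample.
BENIGN = 'write_autorun_inf("menu.exe")\nshow_install_menu()\n'

# Two hypothetical vendors sign the same sample on different parts of it.
VENDOR_A = {"Sample.Worm": re.compile(r'drop_name = "sample_name\.vbs"')}
VENDOR_B = {"Sample.Worm": re.compile(
    r"copy_self_to_removable_drives\([^)]*\)\s*write_autorun_inf\(")}

# Hypothetical heuristic: weighted traits, threshold chosen by sensitivity.
TRAITS = {
    r"copy_self_to_removable_drives\(": 3,
    r"write_autorun_inf\(": 2,
    r"add_run_key\(": 2,
}
THRESHOLDS = {"low": 7, "medium": 5, "high": 2}


def signature_scan(text, signatures):
    """Return the names of all signatures that match the text."""
    return [name for name, rx in signatures.items() if rx.search(text)]


def heuristic_score(text):
    """Sum the weights of every trait pattern present in the text."""
    return sum(w for pat, w in TRAITS.items() if re.search(pat, text))


def heuristic_flags(text, level):
    """True when the score reaches the threshold for the given sensitivity."""
    return heuristic_score(text) >= THRESHOLDS[level]


if __name__ == "__main__":
    for label, text in (("original", ORIGINAL), ("modified", MODIFIED),
                        ("benign", BENIGN)):
        print(label, signature_scan(text, VENDOR_A),
              signature_scan(text, VENDOR_B),
              {lvl: heuristic_flags(text, lvl) for lvl in THRESHOLDS})
```

The name-based signature misses the modified copy while the structure-based one still matches, and the "high" setting is the only one that flags the benign script, which is the false-positive trade-off discussed earlier in the thread.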

news

  • Guest
Re: Heuristics can improve malware detection ???
« Reply #29 on: September 11, 2007, 04:40:39 PM »
I got this VBS:Solow from a computer somewhere, and then I curiously edit its content, removing the original file name in its script (the default name it will use to spread), then... avast miss it completely. So, I found out that kaspersky detects it nicely. Heuristic really needed here!

You may not want to be too curious when dealing with malware.
I wouldn't recommend you trying to change anything about it. Leave that to those that are fighting the good fight to keep your pc free of it.