Author Topic: Does the Avast free version protect against rootkits?  (Read 32086 times)

Offline Vlk

  • Avast CEO
  • Serious Graphoman
  • *
  • Posts: 11664
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
Re: Does the Avast free version protect against rootkits?
« Reply #15 on: December 19, 2007, 11:28:35 PM »
1. The original question was whether avast protects against rootkits, and the answer here is: "of course". My estimate is that nowadays, 30+ percent of malware actually comes with some kind of rootkit (to protect/hide its files), and if we weren't able to block rootkits, we'd be missing a huge number of malware.

2. Another question is if avast is able to detect (and more importantly, remove) active rootkits if installed on an already compromised machine. Now, the answer is: "in many cases no", and that's indeed where specialized anti-rootkit tools do a better job. That said, I can say now that we're coming up with a new rootkit detection/removal utility shortly.

3. Someone said that most AV programs already contain some rootkit detection/removal tool. However, have you actually measured the success ratio of these tools? We have, and the results were quite amazing. Only a handful of the tools are actually doing a decent job. The moral of the story is that if someone says a product "can deal with rootkits", it doesn't actually mean that it's doing a good job.

4. While "layered defense" is a good concept, it doesn't quite work here. The frontiers between Trojans, Backdoors, Worms and other types of malware are now so vague that there are no specialized anti-Trojan, anti-Backdoor or anti-Worm tools anymore. Anti-rootkit tools are a bit different (as they are "heuristic" in their nature, i.e. they search for hidden items, without any need of definitions/signatures), but still, the technology also belongs to AV programs.


Hope this helps,
Vlk
« Last Edit: December 19, 2007, 11:48:28 PM by Vlk »
If at first you don't succeed, then skydiving's not for you.
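The "search for hidden items" idea in point 4 of the post above is commonly implemented as a cross-view comparison, sketched here as an added example (not Avast's code and not part of the original post). The two views, all paths and the name `example_hidden.sys` are constructed sample data; how each view is collected (API enumeration versus raw parsing) is assumed and not shown.

```python
import ntpath


def normalize(path):
    # Windows paths are case-insensitive; also collapse "/" and "." / ".." parts
    # so the same file reported two different ways compares equal.
    return ntpath.normcase(ntpath.normpath(path))


def hidden_items(api_view, raw_view):
    """Entries the low-level (raw) view reports but the API view does not."""
    return {normalize(p) for p in raw_view} - {normalize(p) for p in api_view}


def persistent_hidden(snapshots):
    """Keep only discrepancies present in every (api_view, raw_view) pass.

    A file created between the two enumerations of one pass appears as a
    discrepancy once; an item that is actively hidden appears in every pass.
    """
    result = None
    for api_view, raw_view in snapshots:
        diff = hidden_items(api_view, raw_view)
        result = diff if result is None else result & diff
    return sorted(result or [])


# Constructed sample data: two scan passes over the same machine.
SNAPSHOTS = [
    (   # pass 1: a temp file was created after the API enumeration finished
        ["C:\\Windows\\System32\\drivers\\disk.sys", "C:\\Users\\a\\notes.txt"],
        ["c:/windows/system32/drivers/disk.sys", "C:\\Users\\a\\notes.txt",
         "C:\\Windows\\System32\\drivers\\example_hidden.sys",
         "C:\\Users\\a\\AppData\\Local\\Temp\\tmp1.tmp"],
    ),
    (   # pass 2: the temp file is now visible to both views
        ["C:\\Windows\\System32\\drivers\\disk.sys", "C:\\Users\\a\\notes.txt",
         "C:\\Users\\a\\AppData\\Local\\Temp\\tmp1.tmp"],
        ["C:\\Windows\\System32\\drivers\\disk.sys", "C:\\Users\\a\\notes.txt",
         "C:\\Windows\\System32\\drivers\\example_hidden.sys",
         "C:\\Users\\a\\AppData\\Local\\Temp\\tmp1.tmp"],
    ),
]

if __name__ == "__main__":
    for item in persistent_hidden(SNAPSHOTS):
        print("hidden from API view in every pass:", item)
```

No signature is involved: the only evidence used is the disagreement between the two views, which is why a single pass can produce false positives on a busy file system.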

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 32954
  • malware fighter
Re: Does the Avast free version protect against rootkits?
« Reply #16 on: December 19, 2007, 11:37:59 PM »
Thanks for this explanation, Vlk, this is what a lot of avast evangelists like to hear.

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 84607
  • No support PMs thanks
Re: Does the Avast free version protect against rootkits?
« Reply #17 on: December 20, 2007, 01:17:33 AM »
I'm afraid many of the posters in this thread are actually a bit confused about the overall situation...

If we are confused it is because there is little, rather no information in the virus database other than a malware name, according to the virus database avast detects rootkits, not how.

So clarification would be nice.
Windows 10 Home 2004 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.1.2449 (build 21.1.5968.561) UI-1.0.597/ WinPatrol+/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline Vlk

  • Avast CEO
  • Serious Graphoman
  • *
  • Posts: 11664
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
Re: Does the Avast free version protect against rootkits?
« Reply #18 on: December 20, 2007, 09:36:28 AM »
Try also searching for *[Rtk]*, this will reveal more names.

Anyway, as I already said, a big number of malware nowadays can only be characterized as "combined" or "blended" threat - i.e. it is a Trojan, it is a Backdoor, it is a Rootkit (and often, it is also a mass mailing worm etc.). So, the way we name it cannot really indicate if it's a rootkit or not...
If at first you don't succeed, then skydiving's not for you.

Offline Chaos19

  • Newbie
  • *
  • Posts: 8
Re: Does the Avast free version protect against rootkits?
« Reply #19 on: December 20, 2007, 10:03:15 AM »
A bit away from the main subject.

But avast doesn't have self defence? Will it have it?

And what is it btw, is it an important feature?

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67255
Re: Does the Avast free version protect against rootkits?
« Reply #20 on: December 20, 2007, 03:04:53 PM »
But avast doesn't have self defence? Will it have it?
Yes, on version 5.

And what is it btw, is it an important feature?
Nowadays, very important.
The best things in life are free.

Offline RejZoR

  • Polymorphic Sheep
  • Serious Graphoman
  • *****
  • Posts: 9359
  • We are supersheep, resistance is futile!
    • RejZoR's Flock of Sheep
Re: Does the Avast free version protect against rootkits?
« Reply #21 on: December 20, 2007, 03:15:20 PM »
There are also several Win32:Agent nasties that use rootkit tech to hide themselves.
Visit my webpage Angry Sheep Blog

Offline sanctuary24

  • Sr. Member
  • ****
  • Posts: 323
Re: Does the Avast free version protect against rootkits?
« Reply #22 on: December 20, 2007, 04:22:27 PM »
Tech, by self defense you mean protection from being terminated by malware?

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67255
Re: Does the Avast free version protect against rootkits?
« Reply #23 on: December 20, 2007, 10:25:55 PM »
Tech, by self defense you mean protection from being terminated by malware?
Yes.
The best things in life are free.

Offline street lethal

  • Newbie
  • *
  • Posts: 7
Re: Does the Avast free version protect against rootkits?
« Reply #24 on: December 22, 2007, 02:30:09 AM »
I'm new here on the boards but have been using Avast (free version) for almost 4 years. I agree that Avast should have the ability to scan for rootkits. Picking them up before they're installed is even better, Vlk mentioned that Avast does this. But being able to pick them up during a scan after the fact wouldn't hurt either. I do use AVG Anti Rootkit now and scan once in a blue moon. I'm not too concerned because I don't do stupid shit. But I think in general a rootkit scanner built into Avast would be a benefit.

As for Avast having self protection, I'm glad that version 5 will have this as it is very important IMO.

One question. Why doesn't Avast have Heuristics? I know the e-mail scanner does but why not the resident scanner? I understand people get trojans through e-mail but getting malware from malicious websites and other places is not rare. The web shield should pick up a good deal of these but what if the signatures miss a few? Personally I visit a few websites on my computer on a daily basis..mostly computer forums..Hardforum, Anandtech, Epic games UT3 forum, and some news sites. I use Firefox with the NoScript extension enabled. Safe computing is a huge factor but some people don't know better....like old people...lol.

Offline Goose17

  • Newbie
  • *
  • Posts: 9
Re: Does the Avast free version protect against rootkits?
« Reply #25 on: December 22, 2007, 07:03:48 AM »
Been reading a lot about this "Version 5", is there an ETA on it? Also... back to the rootkit topic... anyone know of a good Anti Rootkit? I know of AVG but I don't really like it....

Offline roundtrip

  • Jr. Member
  • **
  • Posts: 39
Re: Does the Avast free version protect against rootkits?
« Reply #26 on: December 22, 2007, 11:02:19 AM »
Try this blog post for more info on anti-rootkits:
http://radajo.blogspot.com/2007/11/anti-rootkit-windows-tools-searching.html

I posted a request for proper rootkit detection on the wishlist thread a long time ago. It should be possible to have heuristics designed to detect rootkit-like behaviour. Hopefully, this will be part of Avast 5 - whenever that may come out!!!!

Many of the tools mentioned in this thread so far are tools for searching out rootkits after the fact! The vast majority of users wouldn't have a clue how to use them or what to do if they did a scan that found something. They need to have a product that stops the rootkits getting a foothold in the first place.

Vlad's post on blended threats is spot on. Most malware now uses multiple techniques to do its "work" and the old terms to explain the different types of malware appear to be less and less relevant! The most important thing is any layered security solution catches the bad things and / or removes them.

As an aside, a bigger worry than rootkits is the response speed of detecting and dealing with new threats that have been identified and submitted.

Offline Vlk

  • Avast CEO
  • Serious Graphoman
  • *
  • Posts: 11664
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
Re: Does the Avast free version protect against rootkits?
« Reply #27 on: December 22, 2007, 11:54:25 AM »
As already suggested in my previous post, we're coming up with an antirootkit tool shortly. The same technology will then be integrated into the main avast product, but I can't tell when exactly this will take place (for now).

The antirootkit technology we have is quite unique, and you can expect a high-end product (with detection rates & cleaning capabilities substantially better than the vast majority of the existing AR tools).

Stay tuned.

Thanks,
Vlk
If at first you don't succeed, then skydiving's not for you.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67255
Re: Does the Avast free version protect against rootkits?
« Reply #28 on: December 22, 2007, 12:03:41 PM »
One question. Why doesn't Avast have Heuristics? I know the e-mail scanner does but why not the resident scanner?
Policy, strategy... they bet on generic signatures. Maybe to avoid that many false positives.
They're the only ones that could officially post about this... Vlk's post does not talk about "why not heuristics"...

The web shield should pick up a good deal of these but what if the signatures miss a few?
Trust in layered defense as much as you can. Other tools could give you more protection if you need. Although Vlk's post, again, bombs this concept a little, I'm not talking about specialized tools but a firewall with outbound protection (and log), safe surfing, safe email practices, maybe a HIPS or a system monitor tool...

The best things in life are free.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67255
Re: Does the Avast free version protect against rootkits?
« Reply #29 on: December 22, 2007, 12:16:22 PM »
Vlk, can you post your antirootkit test results?
Maybe in another, proper part of the forum... ;)
The best things in life are free.