Author Topic: AVAST RESIDENT SCANNER is using Heuristic analysis?  (Read 13241 times)

0 Members and 1 Guest are viewing this topic.

Offline leemar

  • Jr. Member
  • **
  • Posts: 26
  • It's me...
AVAST RESIDENT SCANNER is using Heuristic analysis?
« on: July 13, 2008, 12:35:07 PM »
Does AVAST Resident scanner is using HEURISTIC ANALYSIS? because ive read all about the software can't find that its using heuristic analysis for UNKNOWN THREAT.

DOES ANYONE HERE KNOWS?

AVG is using Heuristic same as AVira and PC tool Free editions.

Offline drhayden1

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3234
  • Avast & Garfield-Best Protection
Re: AVAST RESIDENT SCANNER is using Heuristic analysis?
« Reply #1 on: July 13, 2008, 01:04:57 PM »
A new feature of version 4 is heuristic analysis of e-mail scanners. This feature can protect against new, unknown viruses and worms that are not possible to detect by the usual means. The heuristic module performs a thorough investigation of every e-mail message and watches for suspicious signs, that might announce virus presence. When the number of those signs exceeds a user-defined level, the message is considered dangerous and the user is warned
on this page.... http://www.avast.com/eng/avast-free-home-antivirus-antispyware.html
Gateway Laptop-AMD Phenom™ II Quad-Core Processor N830 (2.1GHz)-5000MB Dual-Channel DDR3 1066MHz Memory-ATI Radeon® HD 5650 Graphics with up to 1024MB of dedicated memory-500GB 5400RPM SATA hard drive-Windows® 8 Pro (64bit)-Windows Live Mail-Kaspersky Pure 3.0-WinPatrol Plus....

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67269
Re: AVAST RESIDENT SCANNER is using Heuristic analysis?
« Reply #2 on: July 13, 2008, 11:33:42 PM »
They have chose to use generic signatures instead of heuristics.
Maybe we have some news in version 5 by the end of this year, who knows...
The best things in life are free.

Offline leemar

  • Jr. Member
  • **
  • Posts: 26
  • It's me...
Re: AVAST RESIDENT SCANNER is using Heuristic analysis?
« Reply #3 on: July 14, 2008, 07:40:01 AM »
so you mean avast is only using it's virus definition for it's real time? and on demand scanning?

are you sure? how come avast is not using heuristic?

Offline Vladimyr

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1640
  • Super(massive black hole) Poster
Re: AVAST RESIDENT SCANNER is using Heuristic analysis?
« Reply #4 on: July 14, 2008, 08:52:51 AM »
I can't answer for Alwil and a proper answer would take many pages, but....

Compared to the standard technique of determining that a file is an exact match with an already recognized and classified threat, heuristic detection is an 'educated guess', a simpler, quicker way of determining that a previously unseen file is likely to be dangerous based only on its resemblance to other files. It's a pragmatic compromise aimed to be of benefit in reducing AV overhead and/or catching previously unseen threats and is prone to 'collateral damage', i.e. false positives. This is at least partly why avast! has heuristic scanning email but not for the Standard Shield or other providers.
Instead, avast! relies on extremely fast definition updates and more recently, generic signatures e.g. 'trojan.gen', whereby the 'educated guess' is made by those analysing and compiling the definition update rather than by the program itself in real-time.
(Note: The latter is my own supposition so please, someone from Alwil, correct/qualify as necessary.)
There is a way that seems right to a man,
       but in the end it leads to death
.” - Proverbs 16:25

Offline leemar

  • Jr. Member
  • **
  • Posts: 26
  • It's me...
Re: AVAST RESIDENT SCANNER is using Heuristic analysis?
« Reply #5 on: July 14, 2008, 11:59:57 AM »
does it mean that avast professional 4.8 does not also use heuristic analysis, because for me it's very important that security software uses heuristic, because updates are late, virus and other threats came in first, so if this is not included in the definition database it will not detect it.

how come avast has false positive, when it does not use heuristic.

Offline leemar

  • Jr. Member
  • **
  • Posts: 26
  • It's me...
Re: AVAST RESIDENT SCANNER is using Heuristic analysis?
« Reply #6 on: July 14, 2008, 04:22:40 PM »
wow, i already confirmed that Avast 4.8 home or professional edition doesn't use HEURISTIC ANALYSIS, i emailed their technical support and they answer in just 30mins. They confirmed that AVAST does not use HEURISTIC.

tHANKS FOR THE PROMPT ACTION.
===============================================================
Hello,

Thank you for contacting our support center.

You are right, avast! does not use heuristics analysis but uses it´s virus data base.

If I can be of any further assistance, please do not hesitate to contact me again.

With Kind Regards,


Petr Bucek
Technical Support
Alwil Software a.s.

Ticket Details
===================
Ticket ID: NTT-416384
Department: [ENG] Technical support
Priority: Default
Status: On Hold
===============================================================

Offline RejZoR

  • Polymorphic Sheep
  • Serious Graphoman
  • *****
  • Posts: 9267
  • We are supersheep, resistance is futile!
    • RejZoR's Flock of Sheep
Re: AVAST RESIDENT SCANNER is using Heuristic analysis?
« Reply #7 on: July 14, 2008, 09:05:28 PM »
Thats a well known thing about avast!. Surprisingly it's holding pretty well with just signatures. It'll get behavioral detection module sometime in the end of this year, probably a beta version first...
Visit my webpage RejZoR's Flock of Sheep

Offline Macintosh

  • Jr. Member
  • **
  • Posts: 52
Re: AVAST RESIDENT SCANNER is using Heuristic analysis?
« Reply #8 on: July 15, 2008, 02:22:52 PM »
Avast will be best antivirus if it will come with heuristics in future versions :)

Offline leemar

  • Jr. Member
  • **
  • Posts: 26
  • It's me...
Re: AVAST RESIDENT SCANNER is using Heuristic analysis?
« Reply #9 on: July 15, 2008, 03:10:03 PM »
yes you are right, heuristic analysis is the only thing that differs every anti virus programs.

Offline wyrmrider

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1298
Re: AVAST RESIDENT SCANNER is using Heuristic analysis?
« Reply #10 on: July 15, 2008, 06:57:35 PM »
remember the generic .gen feature

Offline Maxx_original

  • Avast team
  • Super Poster
  • *
  • Posts: 1479
Re: AVAST RESIDENT SCANNER is using Heuristic analysis?
« Reply #11 on: July 15, 2008, 11:45:13 PM »
avast contains algorithmic detections for more than 170 virus families (not the signature-based nor the generic signatures in this case.. just a piece of code) and the number is increased every week... how do you think the file infectors (and others) could be detected when we would be limited to signatures, hm? :P

Offline Vladimyr

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1640
  • Super(massive black hole) Poster
Re: AVAST RESIDENT SCANNER is using Heuristic analysis?
« Reply #12 on: July 16, 2008, 06:17:13 AM »
for me it's very important that security software uses heuristic, because updates are late, virus and other threats came in first, so if this is not included in the definition database it will not detect it.

how come avast has false positive, when it does not use heuristic.


Hi leemar.

For me it's very important that security software is highly effective with minimal impact on the user (the eternal compromise) whether or not it uses heuristic "short-cut" guesswork. The fact that avast! is able to check algorithmically for so many malware families with as little performance impact as it causes is impressive in itself.

Speaking of algorithms: UNKNOWN THREAT + HEURISTIC ANALYSIS GUARANTEED DETECTION
E.g. if Kaspersky has "better" detection of unknown threats than avast!, it's not just because it uses heuristics.

Similarly, with False Positives, heuristic analysis may be more prone to FPs but that doesn't mean that algorithmic analysis is exempt.

Good coding = efficient coding = minimal coding. Generally speaking, a good program is like a yacht that's always sailing "close to the wind". It runs fast and smooth without crashing but is always on the edge of disaster. Under that sort of pressure mistakes will occasionally happen.







« Last Edit: July 17, 2008, 04:23:58 AM by Vladimyr »
There is a way that seems right to a man,
       but in the end it leads to death
.” - Proverbs 16:25

Offline leemar

  • Jr. Member
  • **
  • Posts: 26
  • It's me...
Re: AVAST RESIDENT SCANNER is using Heuristic analysis?
« Reply #13 on: July 16, 2008, 02:34:48 PM »
but all anti virus software should include heuristic analysis (not just heuristic but a good one) like eset threatsense technology. false positive is very minimal. but my question is if avast uses only definition base detection how come it has so many false positive lately? supposed to be all definition included in it's database are all known threats.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 82192
  • No support PMs thanks
Re: AVAST RESIDENT SCANNER is using Heuristic analysis?
« Reply #14 on: July 16, 2008, 02:49:17 PM »
You have been told why in another topic that you have asked the same question. avast! doesn't only used just signatures in the traditional defination of signatures, e.g. 1 signature detects 1 virus variant.

When 1 signature/algorithm can detect multiple variants then they are more akin to heuristic detection and prone to FPs whilst those signatures are constantly fine-tuned.
WinXP ProSP3/ Core2Duo E8300/ 4GB Ram/ avast! free 18.5.2342/ Firefox ESR, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ DropMyRights/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 19.8.2393 (build 19.8.4793.541) UI-1.0.415/ WinPatrol+/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ WinPatrol+/