Author Topic: Immunet 2.0 <<First Screenshot ever on any outside forum>>  (Read 31185 times)

0 Members and 1 Guest are viewing this topic.

cinchez

  • Guest
Re: Immunet 2.0 on April 15 <<First Screenshot ever on any outside forum>>
« Reply #30 on: April 13, 2010, 07:18:53 AM »

Quote
Immunet seems to use a different method- which is to observe any AV it is installed next to an report files that AV detects as malicious to Immunet. (See blog post.) Sort of like a parasite, feeding and growing stronger on a host, if you want to look at it that way.

http://dontsurfinthenude.blogspot.com/2010/03/anti-virus-in-cloud.html
O-ho..what a presumptuous strategy..[i prefer to look it that way]

Impressive

-AnimeLover^^

Offline Chris Thomas

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1936
  • Christian Geek - aka 'born again' Geek
Re: Immunet 2.0 on April 15 <<First Screenshot ever on any outside forum>>
« Reply #31 on: April 13, 2010, 09:32:41 AM »
@ Vlk

Nice observations.

First Question:

Don't the cloud AV's license these engines of different AV's to be used in the cloud?

Or Do they do it without asking them?


QUOTE from Immunet Blog

How Immunet Detects Threats, In a Nutshell
DateSunday, March 7, 2010 at 8:46PM |

I often get asked what makes Immunet’s approach to detecting threats different than the mainstream Anti-Virus companies.  In a nutshell, our goal is to find threats which are in small parts of our community, analyze them and then protect the whole community from them as fast as possible, often in near real time.

We do not focus on obscure threats, or threats which circulate outside of our community. We are not big fans of the 'boil the ocean' approach to doing Anti-Virus. It works well for reviewers (who test with everything under the sun) but it rarely really helps your community. There is a reason people are still getting viruses and it's time we rethink our (the industry) approach to tackling this problem.

As to 'how' we convict files. All of our current approaches entail communication back and forth with the cloud so that rarely is a decision made in 'decision support isolation’. This allows you to work with the most current, up to the minute, information that we have. Here are some of the approaches we use:

   1. Generic detection of threats through broad hashing. We look for things that look 'like' threats we know of and try to further analyze them for conviction so we can protect the community. This can also be called a 'heuristic' engine if you like.  Our generic engine is ETHOS; we have another planned for May, which is called SPERO.
   2. Context conviction, this is where we make decisions based off the data we receive about a file in field. From community collected data we can make assumptions about whether a file is a virus or not. For example, did our AV stop working after it was installed? Did the system start to see other viruses after it was installed? Questions like this will often lead to answers, which make us highly suspicious of a file.  
   3. One-to-One conviction, this is where there is a known threat we've collected from the community, through collection trading or gathered from web crawling. For each of these collected (and verified malicious files) we generate a signature. When users do file look-ups this signature is sent to us, if it matches a known threat we convict the file as a virus.


There are a few other ways as well and each of those approaches above could be a daylong chat on their own but that's the mile high view today (March 7, 2010).

« Last Edit: April 13, 2010, 09:34:37 AM by Chris Thomas »

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re: Immunet 2.0 on April 15 <<First Screenshot ever on any outside forum>>
« Reply #32 on: April 14, 2010, 12:52:50 AM »
only unrecognised files are uploaded
Wow!
What a privacy issue!

Immunet seems to use a different method- which is to observe any AV it is installed next to an report files that AV detects as malicious to Immunet. (See blog post.) Sort of like a parasite, feeding and growing stronger on a host, if you want to look at it that way.
Well, still unacceptable!
Who gives the permission to upload a file to them? Maybe it's written in the EULA that nobody reads...
The best things in life are free.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re: Immunet 2.0 on April 15 <<First Screenshot ever on any outside forum>>
« Reply #33 on: April 14, 2010, 12:57:55 AM »
In a nutshell, our goal is to find threats which are in small parts of our community, analyze them and then protect the whole community from them as fast as possible, often in near real time.

We do not focus on obscure threats, or threats which circulate outside of our community. We are not big fans of the 'boil the ocean' approach to doing Anti-Virus.
I can't believe! Are we boiling the ocean?

It works well for reviewers (who test with everything under the sun) but it rarely really helps your community.
Makes no sense. The infection is real, being or not in the community.
Now it seems a stupid community imho.

1. Generic detection of threats through broad hashing. We look for things that look 'like' threats we know of and try to further analyze them for conviction so we can protect the community. This can also be called a 'heuristic' engine if you like.  Our generic engine is ETHOS; we have another planned for May, which is called SPERO.
Generic detection? ???
What's that? They're using others' engine!!!

From community collected data we can make assumptions about whether a file is a virus or not.
Privacy concerns.

For example, did our AV stop working after it was installed? Did the system start to see other viruses after it was installed? Questions like this will often lead to answers, which make us highly suspicious of a file.
Again: the antivirus team has the work and they just "use" it.
The best things in life are free.

Offline Chris Thomas

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1936
  • Christian Geek - aka 'born again' Geek
Re: Immunet 2.0 on April 15 <<First Screenshot ever on any outside forum>>
« Reply #34 on: April 14, 2010, 03:41:23 PM »
In a nutshell, our goal is to find threats which are in small parts of our community, analyze them and then protect the whole community from them as fast as possible, often in near real time.

We do not focus on obscure threats, or threats which circulate outside of our community. We are not big fans of the 'boil the ocean' approach to doing Anti-Virus.
I can't believe! Are we boiling the ocean?

It works well for reviewers (who test with everything under the sun) but it rarely really helps your community.
Makes no sense. The infection is real, being or not in the community.
Now it seems a stupid community imho.

1. Generic detection of threats through broad hashing. We look for things that look 'like' threats we know of and try to further analyze them for conviction so we can protect the community. This can also be called a 'heuristic' engine if you like.  Our generic engine is ETHOS; we have another planned for May, which is called SPERO.
Generic detection? ???
What's that? They're using others' engine!!!

From community collected data we can make assumptions about whether a file is a virus or not.
Privacy concerns.

For example, did our AV stop working after it was installed? Did the system start to see other viruses after it was installed? Questions like this will often lead to answers, which make us highly suspicious of a file.
Again: the antivirus team has the work and they just "use" it.


There is an option in 2.0 for users to explicitly turn off the transmission of files to Immunet while continuing to provide the same level of protection (and number of engines) that the 1.0 BETA release provides today.

QUOTE:

Rest assured that any files sent to Immunet are used solely to protect our users and rarely even seen by a human. We also do not collect documents or other sensitive information.

Now, the reality is that most, if not all, AntiVirus products send suspicious files to their labs for analysis. Some products make this configurable, while others don't. It has become standard practice primarily because it helps to identify new threats. The caveat here is that this should be clearly visible and configurable for our users.


EDITED:

76% of Immunet users have no AV installed

More information about ETHOS

http://blog.immunet.com/blog/2010/2/17/the-immunet-protect-ethos-engine-a-week-in-the-life.html

And,

Release Dates of beta got changed to May
« Last Edit: April 14, 2010, 03:57:59 PM by Chris Thomas »

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re: Immunet 2.0 <<First Screenshot ever on any outside forum>>
« Reply #35 on: April 15, 2010, 03:02:27 AM »
Rest assured that any files sent to Immunet are used solely to protect our users and rarely even seen by a human. We also do not collect documents or other sensitive information.
I can't trust in this "technology" they're using. I feel like Vlk posted before.

Now, the reality is that most, if not all, AntiVirus products send suspicious files to their labs for analysis. Some products make this configurable, while others don't. It has become standard practice primarily because it helps to identify new threats. The caveat here is that this should be clearly visible and configurable for our users.
They don't "do" anything... just "use" the others' detection and hard work.
The best things in life are free.

Offline Chris Thomas

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1936
  • Christian Geek - aka 'born again' Geek
Re: Immunet 2.0 <<First Screenshot ever on any outside forum>>
« Reply #36 on: May 08, 2010, 07:26:22 AM »
Immunet Pre-Launch 'Beta' Sign-up Now Open

http://community.immunet.com/immunet/topics/immunet_pre_launch_beta_sign_up_now_open

CLOSED THIS THREAD

ravi16aug

  • Guest
Re: Immunet 2.0 <<First Screenshot ever on any outside forum>>
« Reply #37 on: May 13, 2010, 11:03:17 AM »
@Vlk

I really respect the kind of product avast! team has managed to deliver in its present form, but regarding your stand on products like HitMan Pro, what difference does it make if you license your engine to a company like GData (which makes a traditional AV) or HitMan Pro (a cloud based app)? Is it the amount of money or the amount of co-scanners?
« Last Edit: May 13, 2010, 11:43:24 AM by ravi16aug »

PapaSmurf

  • Guest
Re: Immunet 2.0 <<First Screenshot ever on any outside forum>>
« Reply #38 on: May 14, 2010, 05:36:25 AM »
Ok, am I the only one who is thinking "overkill"?
firewall, both hardware AND software
!avast anti-virus
Firefox with enuf addons to choke a cow
assorted malware scanners of all kinds
Rootkit tools, various
and now....there is something to run with your anti-virus????
Are you kidding???????
Look kiddies, if the damn virus makes it past all the freakin' stuff that I am running,
thet deserve to have my system...geesh. My system is more locked up
than my car.
There comes a point in time where enuf is enuf. I think I prefer to have some computing
room left to..oh..I don't know....COMPUTE!
Of course, the paranoid self still thinks the world is out to get me...I gotta stop listening to the voices.....
 :o :o :o :o :o :o :o :o :o :o :o

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 48523
  • 64 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: Immunet 2.0 <<First Screenshot ever on any outside forum>>
« Reply #39 on: May 14, 2010, 05:44:48 PM »
Doom, Gloom please I need more Room to add just one more antivirus program or,
something else to keep me safe from spam.
Maybe another firewall will help the situation to keep me safe from all this abomination.

Now that I've loaded up my computer with all this stuff,
I realize that booting up my system is really getting ruff.
When I try to get on-line, it's really taking a long time.
I can't even watch a video cause it's really running slow.
 ;D    ;D    ;D    ;D    ;D

Free Security Seminar: https://bit.ly/bobg2023  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 11 Pro v22H2 64bit, 16 Gig Ram, 1TB SSD, Avast Free 23.5.6066, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq -- My Online Activity https://bit.ly/BobGInternet

ravi16aug

  • Guest
Re: Immunet 2.0 <<First Screenshot ever on any outside forum>>
« Reply #40 on: May 14, 2010, 05:45:43 PM »
still waiting for Vlk's take on HitMan Pro vs GData licensing

Offline SpeedyPC

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3398
  • Avast shall conquer the whole world
Re: Immunet 2.0 <<First Screenshot ever on any outside forum>>
« Reply #41 on: May 14, 2010, 08:06:13 PM »
still waiting for Vlk's take on HitMan Pro vs GData licensing

May I ask WHY ???
Gigabyte 670 LGA1200 Full ATX MB | Intel Core i9-13900 CPU/LGA 1700 | GeForce Nvidia RTX-4070/12GB | 32GB DDR4 | 2 x 1TB Samsung SSD | W11 Home 64bit | Avast Premium v23.11.6090 | Avast SecureLine VPN | Avast Secure Browser | Avast Driver Updater | Avast BreachGuard | Firefox 64bit | MalwareBytes Premium | Adguard Premium | CCleaner Portable | Macrium Reflect | 7-Zip

ardvark

  • Guest
Re: Immunet 2.0 <<First Screenshot ever on any outside forum>>
« Reply #42 on: May 15, 2010, 02:12:26 PM »
Doom, Gloom please I need more Room to add just one more antivirus program or,
something else to keep me safe from spam.
Maybe another firewall will help the situation to keep me safe from all this abomination.

Now that I've loaded up my computer with all this stuff,
I realize that booting up my system is really getting ruff.
When I try to get on-line, it's really taking a long time.
I can't even watch a video cause it's really running slow.
 ;D    ;D    ;D    ;D    ;D

Hi Bob...

And that is probably one of the reasons why "76% of Immunet users have no AV installed" as reported in a previous post by Chris. I know it was for me. ;D

Regards...

ravi16aug

  • Guest
Re: Immunet 2.0 <<First Screenshot ever on any outside forum>>
« Reply #43 on: May 16, 2010, 07:15:15 AM »
still waiting for Vlk's take on HitMan Pro vs GData licensing

May I ask WHY ???
In case you have been following this thread then you wouldn't be asking this question. Anyway, its because I don't find any reason why Vlk finds a product like HitMan Pro offensive.

Offline Chris Thomas

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1936
  • Christian Geek - aka 'born again' Geek
Re: Immunet 2.0 <<First Screenshot ever on any outside forum>>
« Reply #44 on: May 17, 2010, 11:07:00 AM »
I got the prerelease version. ;D

Link removed

The screenshots have changed

MAIN SCREENSHOT





DIFFERENCE BETWEEN FREE VERSION AND PAID









CONCLUSION

Doing a full scan right now (EDITED: Just now finished around 30 minutes). I think all this noise about cloud AVs as just useless at this point of time and year.

Immunet free version comes with Ask toolbar  >:( - Another one with Ask

Immunet paid costs around 20$

Considering all this: I think cloud AV's will not be able to replace the traditional AVs ::)

And,

Avast rocks!

I was excited about cloud AV's and I think it will take ages for them even to start dreaming about replacing traditional AVs

Nothing can replace Avast freeware offering!

You might use it as another layer of defense if you need to

Can any technical person please check if Immunet is leaching on to other installed AV's ?
« Last Edit: May 19, 2010, 04:39:56 PM by Chris Thomas »