Author Topic: Heuristics in Avast...  (Read 5038 times)

0 Members and 1 Guest are viewing this topic.

Waldo

  • Guest
Heuristics in Avast...
« on: July 04, 2003, 09:08:22 AM »
HI,

Why doesn't AVAST4 uses heuristics in its resident shield or main scanner ? Whas it to hard to include or does avast uses some other method to detect unknown virusses & trojans ?

I know the updates of the program are verry fast, but its always possibell that an unknown (new) virus attacks. Does AVAST look in ANY way for unknown malicious code ?

 I know it does for its mail providers (wich works just fine), why could this not be included in the other providers ?

I know (the concurency) vendors like Kaspersky & NOD32 uses heuristics (i think even Antivir PE uses it)
and also AVG 6.0.

Maybe it isn't realy important, but does avast gives the same (or better) protection againts unkown nasty's ? Its has to offer something.

Because AVAST4.0 is a real good program with superb unpacking engine, i can't believe its detecting is just database based.... tell me I'm wrong.

Waldo
« Last Edit: July 04, 2003, 09:10:00 AM by Waldo »

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11848
    • AVAST Software
Re:Heuristics in Avast...
« Reply #1 on: July 04, 2003, 09:59:13 AM »
Tell me what is "malicious code"...
Even if it was possible to say what a program really does by a quick analysis (which is not), how would you say it's a virus? Does it modify executables? Well, maybe it's a hex editor, some programming utility... or even antivirus software healing infected files. Does it send e-mails? Maybe it's an e-mail client. Does it copy itself to shares? Maybe it's a communication program supposed to install this way to target machines. Does it format your harddisk? Maybe it's a partitioning program expected to do exactly this thing...

I'm not saying you can't look for suspicious things used in the viruses and hope you'll detect a new variant of an existing virus before you add it to the database, but detecting a truly new virus, just by some heuristics, is something you can only dream of. Besides, any heuristics increases the number of false alarms, of course.

If you wish, you can block some of the 'suspicious' actions, often done by a virus, in the Standard Shield - Behavior blocker.

Waldo

  • Guest
Re:Heuristics in Avast...
« Reply #2 on: July 04, 2003, 10:38:50 AM »

If you wish, you can block some of the 'suspicious' actions, often done by a virus, in the Standard Shield - Behavior blocker.


Sure thing, you can do that :)

I have set it to block deleting & formatting files. if you block more operations, you get to many warnings to work comfortable.

In one way, it works a little like heuristics because the scanner ask if you want to give permission or deny  the operation. It always gives a good explenation of wich files that want to do something. If your a little smart (and read the warning message) you can prevent bad things to happen this way.

I agree that heuristics (like other vedors use) increases the possibility of fals alert. Wich is verry bad for unexperienced users. But it did safed people before from getting infected, before new virus updates where released.
There is now way someone can deny that.

I can't believe that adding Heuristics is only a pure marketing strategy.

Although i found that adding heuristics could be an extra safety feature for an already great program.
If so many other respected vendors use this option, why couldn't Alwil include it also...they have already set the basics with their superb heuristics in Email providers.

wonder why ?
« Last Edit: July 04, 2003, 10:39:47 AM by Waldo »

Offline raman

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 1062
Re:Heuristics in Avast...
« Reply #3 on: July 04, 2003, 08:05:50 PM »
In one way, it works a little like heuristics because the scanner ask if you want to give permission or deny  the operation.

Yes, but only if you or a programm really do that. It is not a heuristic, avast just control the filesystem( or similar to it, easy spoken) and something start to to things not allowed by the behavios blocker, it will ask you.

Quote
I agree that heuristics (like other vedors use) increases the possibility of fals alert. Wich is verry bad for unexperienced users. But it did safed people before from getting infected, before new virus updates where released. There is now way someone can deny that.

Maybe not, but think of a false alarm, it will enhance support  effort/cost and if a inexpert user delete such a file and the computer will not work anymore he will blame Avast, that it "destroied" his computer. If you use heuristiks you have to know what to do! Be aware that the major security risk sits 60 cm in front of a Monitor! :)

Quote
I can't believe that adding Heuristics is only a pure marketing strategy.

No it is more like a firm philosophy to add a heuristic or not. A warning from  the F-prots,  Bitdefender, RAV, Nod32(1.0) or Antivirs(macro) heuristic makes me first think of a false alarm.

Quote
Although i found that adding heuristics could be an extra safety feature for an already great program.

It is not really needful. I would intrest in which heuristic was able to detect a new Worm/Trojan/Backdoor.  Hm Nod32 2.0 was able to find one with its (advanced) heuristic, but you have to activate it by using the /AH parameter, which causes more false alarms.!:)
MfG Ralf