The major problem as I see it is that Behaviour can be interpreted in many ways, the same as Heuristics, but the real issue here is what is actually monitored (sensors) by the Behaviour Shield. So if the behaviour shield doesn't comply with your interpretation of what a behaviour shield would do, then you are likely to say it isn't working or isn't working as you think it should be.
The avast behaviour shield isn't like things like threatfire.
So it is still focused in these same areas Vlk mentioned before and will continue to evolve:
- avast! Behaviour Shield, general information from an interview Softpedia - Ondrej Vlcek
Ondrej Vlcek:
The Behaviour Shield that we shipped in version 5.0 is a new component that is going to be further developed moving forward. For example, in version 5.1, we will be adding more sensors that will allow for even finer-grain filtering.
For now, the Behaviour Shield is focused on exploits coming via typical mechanisms (browser, PDF reader, and flash vulnerabilities, for example). It also closely monitors all kernel-mode code (drivers) loaded into the operating system, and is able to detect zero-day rootkits.
So the major improvements in the addition of more sensors behaviour monitoring from the above (in bold) aren't due until avast 5.1. For the most part the improvements in the new build numbers has been one of performance so they don't slow system performance (which many complained of).