The future of avast protection

[Lisandro]

Today I've read the following page:
http://antivirus.comodo.com/innovation/

That's where Comodo's patent pending Auto Sandbox Technology comes into equation.

As I've said, I've taken contact with it some seconds ago...
I want to public apologize for bringing up to avast users and team a patent pending technology.
Sorry for the inconvenience. Since from beginning, my intention was to make avast better and increase protection.
Let's struggle with other arms.

[Omid Farhang]

Yes, very good reasons for that.

I believe that one of the key drivers of avast's success is its relative autonomy and unobtrusiveness. You have to realize that with the 100M+ userbase, your users are no geeks. In fact, they are people who assume avast would do its job (= keep the machine clean from malware) but also that it wouldn't mess with anything the user does. Introducing quite radical measures such as running all unsigned/unknown binaries in a sandbox would admittedly generate a lot of confusion and is generally not compatible with our vision of transparent security.

At least that's what my intuition tells me.

And this is the reason I recommend avast! to those users who wants free security software and also wants something set it and forget. It don't hurt performance, don't pop-up too much, don't ask technical question, ideal free software for everyone who is not computer savvy!. even that I'm an avira user, I don't recommend free version of avira but I tell them go for avast, I've installed avast for at least 20 friend and family.

Vlk shared very nice ideas, but there are something, how long it will take those dreams come true? I afraid when avast reveal new software too late and we see new generation of malwares which those features that Vlk said don't be able catch them anymore 

[SpeedyPC]

SpeedyPC, avast is NOT moving toward the HIPS, as it is not a transparent security tool.
I'm glad of the direction that avast took, but, of course, everything depends on the implementation and how deep the behavior shield could analyze the files. Otherwise, zero-day protection will require further improvements imho.

Mmmmm if that the case avast is NOT moving toward the HIPS, then its gunna need a real mean weapon to keep up with all kinds of Avast behaviour shields, virus detection rate and sandbox for zero-day protection otherwise Comodo will end up in highest lead proactive security protection against Avast that's worries me

[Vlk]

Tech, with all respect, I don't really care about Comodo AV (and/or whether any part of it is patented or not).

That is, besides the occasional giggle at some of the posts of their fanboys/CEO (found on both Comodo's own as well as other forums), I don't think there's much there.

Thanks
Vlk

[Dch48]

Another point is that the CEO of Comodo himself has stated that the AV is not there for enhanced security but rather for enhanced usability of the suite as a whole by reducing the amount of alerts and popups users have to deal with in a default deny approach.

He has gone as far as to say that the AV is not even necessary for complete security. 

I have grown completely disenamored of Comodo's approach and am firmly on the side of transparent security as described by Vlk.

[Lisandro]

Tech, with all respect, I don't really care about Comodo AV (and/or whether any part of it is patented or not).

Maybe you don't, but other users (and other avast members) said/thought I was hyping Comodo here.

[Lisandro]

Avast 6.0 will feature the in-the-cloud heuristics based on the age/prevalence data (as suggested above by sded) as well as new stuff related to the use of our sandbox. (...) It will rely on its heuristics engine to make decisions whether an executable file should run sandboxed or not.

(...)

There are many other minor things that make up these changes (such as further emphasis on the Behavior Shield when making these heuristics decisions, i.e. taking into account full context info)

Vlk, can we say that the concepts of HIPS and Behavior block of this article (http://antivirus.about.com/od/antivirussoftwarereviews/a/hips_behavior.htm) will be the ones used by avast?
I mean specifically:

Though they sound similar, HIPS is application-level control (i.e. this program is allowed to do X but not Y), whereas behavior blocking is more cut and dry - the entire application is either good (allowed) or it is not.

Thanks for your support.

[clocks]

Now, with Avast 6.0 (which is coming sooner than you may think), it's a different story. Avast 6.0 will feature the in-the-cloud heuristics based on the age/prevalence data (as suggested above by sded) as well as new stuff related to the use of our sandbox. But, instead of using the "default deny" paradigm that Comodo is trying to advertise so much, avast will work differently. It will rely on its heuristics engine to make decisions whether an executable file should run sandboxed or not. Let me explain this in a bit more detail. Currently, the outcome of the scan is pretty much binary - either the file is called "clean" (and is allowed to run), or it is flagged as "infected" (and appropriate actions are applied - and the file isn't allowed to run). This also applies to heuristics detections. Now in avast 6.0, the outcome could also be "potentially infected, use extreme caution" and this case, when talking about an on-exec scan, will (by default) be handled by sending the file into the sandbox. If the program is legitimate, it has a good chance of running OK inside the sandbox (and of course you, as a user, can always override the decision and run it normally). And if it's really malware, avast has just saved your butt.

There are many other minor things that make up these changes (such as further emphasis on the Behavior Shield when making these heuristics decisions, i.e. taking into account full context info) but this is, at a glance, how it's going to work. What may be of special interest, also, is that this is how it's going to work even in the free version (which means that the core functionality of the sandbox will likely be moved to the free AV).

Nice!  This sounds fantastic, and a better implementation of sandboxing than some other companies have used.  I look forward to testing it out.

[scythe944]

Avast 5.1, due next month, will not really have any meaningful differences besides improved malware removal/cleaning (I mean, it will have quite a few new features - such the 64-bit boot time scan and new stuff in the Behavior Shield - but none of these features are that related to the topic of this thread). V5.1's main feature is the central administration (i.e. a feature not really interesting to end users) - and it will also be marketed this way (as a corporate product, essentially).

Sorry to be a bit off topic... but Finally! A real answer from someone from Avast!

V5.1's main feature is the central administration (i.e. a feature not really interesting to end users)

But interesting as heck to me!  

[Rednose]

Very interesting what Vlk told here

Greetz, Red.

[bob3160]

Better late than never.
Auto Sandboxing - no thanks, bot for me. It's too much of a drag on the system and overall performance.
(I have it available now but don't think I've ever needed to use it.)
In the Cloud protection - yes, great idea and hopefully soon.
(Even though avast! already floats above all the rest. )

Avast! 6 soon OK I'm ready to start beta testing Oh wait, 5.1 isn't out yet.   

[Lisandro]

It's too much of a drag on the system and overall performance.

Sorry, Bob, but seems you don't understand the technology.
You don't have, of course, to be in favor of it.
But calling him a "system and overall performance" drag... is, sorry, a non sense.
 

I have it available now but don't think I've ever needed to use it.

Where? On demand sandboxing? It's not the point here. It's an on access sandboxing.

In the Cloud protection - yes, great idea and hopefully soon.

I'm in favor also. But it will take bandwidth and, of course, system resources that you're trying to save...

[bob3160]

But calling him a "system and overall performance" drag... is, sorry, a non sense.

If it's not a system and performance hindering application than why does it slow down your system
Maybe you haven't used it lately
On access sandboxing  meaning when you use the application to run it sandboxed. It still requires the intervention of
additional system resources therefore slowing down your system.
Unless you've found a way to do this without using resources??? Maybe it's another Comodo trick we don't know about    

[Lisandro]

If it's not a system and performance hindering application than why does it slow down your system

What does slow your system?
Do you use auto sandboxing? Of which program?

On access sandboxing  meaning when you use the application to run it sandboxed. It still requires the intervention of additional system resources therefore slowing down your system.

It's only for unknown executable files (not whitelisted).

Unless you've found a way to do this without using resources??? Maybe it's another Comodo trick we don't know about    

Of course it uses resources. Everything uses resources.
But it is NOT a resource drag or hog. In fact, it uses very little resources (less than simple scanning for instance).

[bob3160]

This is something I'll have to see to believe. Sorry Tech.