The future of avast protection

[Lisandro]

So, the idea of an automatic (on access) sandbox is not a Comodo-only suggestion?
Are you guys running Norman in virtual machines?
Is there an on demand scanner to test my computer and check the sandbox?

[Pondus]

So, the idea of an automatic (on access) sandbox is not a Comodo-only suggestion?

Norman was first with sandbox, think it came around 1985

Omid is running it in VM see the signatur, i/we use it at work + one pc at home

Is there an on demand scanner to test my computer and check the sandbox?

Norman does not have online scanner, only the Sandbox where you can send samples
http://norman.com/security_center/security_tools/submit_file/
http://www.norman.com/security_center/security_tools/71562/71563/en

But there is the Norman Malware Cleaner http://norman.com/support/support_tools/58732/ 
or trails software http://norman.com/downloads/

[Lisandro]

Norman does not have online scanner, only the Sandbox where you can send samples

I see... It's not a batch submission process and you need to test sample by sample.
Is there any difference for virustotal? Code emulation only?
Comodo will do the same, i.e., upload the sample and test it virtualized/sandboxed, then return the answer to the user (15 minutes if it is a malware). It's a way to use the cloud and improve detection. Maybe avast could consider this.

What it's good its Normal zero-day protection then. Do you have further information about it?

[Pondus]

What it's good its Normal zero-day protection then. Do you have further information about it?

in the middel of the road....

[Lisandro]

in the middel of the road....

What do you mean?

[Dch48]

Why does Norman always get such abysmal ratings from the testing organizations then?

[GloobyGoob]

Why does Norman always get such abysmal ratings from the testing organizations then?

Because they test the antivirus, not the sandbox.

[Lisandro]

Because they test the antivirus, not the sandbox.

Hmmm... So Normal model is the same of Comodo one? A poor antivirus with a good HIPS/Sandbox?

[Omid Farhang]

Because they test the antivirus, not the sandbox.

Hmmm... So Normal model is the same of Comodo one? A poor antivirus with a good HIPS/Sandbox?

I'm not an expert Norman user, but I doubt, because it has let many malware to run up to now, like a Zbot today...  , so, is Zbot something which can bypass Norman Sanbox (after on-demand and online scan)? I don't know

[Pondus]

No AV vendor have found the holy grail to malware detection that will detect 100% ......and it will never happen, as this is an endless arms race

[Lisandro]

I'm not an expert Norman user, but I doubt, because it has let many malware to run up to now, like a Zbot today...  , so, is Zbot something which can bypass Norman Sanbox (after on-demand and online scan)? I don't know

Worse? A poor antivirus and a poor HIPS? I can't believe it is a great technology to receive an award...

[Lisandro]

No AV vendor have found the holy grail to malware detection that will detect 100% ......and it will never happen, as this is an endless arms race

Well, the sandbox could be a way... I know, usability and user friendly could be a problem...
I'm just not convinced to drop arms down...

[Lisandro]

Does avast have signatures for all variants of Zeus? Really?
Trend Micro says it's not enough...

Trend’s experts, and all the other antivirus companies, have been working on a detection process.
Julius Dizon, research engineer at Trend Micro, concluded: “To properly guard against this threat, conventional antivirus is not sufficient. Both improved detection techniques and proactive blocking of the websites, working together, can protect users.”

What can we users expect of the protection for this dangerous trojan?
Only signatures?

http://www.itpro.co.uk/627748/son-of-zeus-can-sneak-past-antivirus-controls

[spg SCOTT]

Does avast have signatures for all variants of Zeus? Really?
...

Does anyone?

I think not...we will always be playing catch up...

[Lisandro]

Does anyone?
I think not...we will always be playing catch up...

Precisely. We need something more to protect us nowadays... We can't only rely on reactive policy of signatures (even they're generic ones).