Author Topic: Two Hypothetical Examples About Virus Detection Using Avast  (Read 2448 times)

0 Members and 1 Guest are viewing this topic.

Jack 1000

  • Guest
Two Hypothetical Examples About Virus Detection Using Avast
« on: December 02, 2011, 10:05:48 AM »
I am interested in the communities' discussion to the following examples:

Let's assume that Joe and Joe are both Avast users running the latest version of Avast on the same OS.  They both have their settings to the default position.  Upon Avast Registration BOTH choose to participate in the Avast Community.  They leave all program settings at the default level.

Example One:  Joe does a full scan and Avast finds a virus.  Joe moves the file to the virus chest and than sends it to the virus lab for testing.

Example Two: Jane does a full scan and finds a virus, moves it to the virus chest, but does NOT send it to the lab.

Questions:

1.) Is Joe better off than Jane because he submitted the file to the lab and Jane did not?  If so how does Joe benefit?

2.) Does the lab/Avast know about Jane's virus even if she does not send it from the chest to the lab?  Remember, in this example, she participated in the Avast community, so is she at a disadvantage by not reporting the file, and why?

Assume for this argument, that both files are viruses and not false positives.  If both people in this example are equally protected, how does the lab help in this situation?

Jack

Offline CraigB

  • Avast Überevangelist
  • Serious Graphoman
  • *****
  • Posts: 11239
  • No support PM's thanks
Re: Two Hypothetical Examples About Virus Detection Using Avast
« Reply #1 on: December 02, 2011, 10:55:11 AM »
Just to add my bit! Jane's virus would automatically be sent to the lab when the next virus def's updated anyway which puts her back on the same playing field as Joe  ;)

Jack 1000

  • Guest
Re: Two Hypothetical Examples About Virus Detection Using Avast
« Reply #2 on: December 02, 2011, 11:14:16 AM »
Just to add my bit! Jane's virus would automatically be sent to the lab when the next virus def's updated anyway which puts her back on the same playing field as Joe  ;)

It seems like in the example, Joe's virus would get to the lab faster for analysis.  But Avast says, that the submission goes to the lab with the next update, so I would guess that both users would be on the same playing field.  If there are, other than maybe to do tests for false positives, what would the purpose of manually sending files to the lab be?  The program will pick it up and the lab will do testing when the next definition file goes out anyway.  Whether this is by user request or automatic.  At least that is how I am interpreting this.

There is a good manual use I suspect, if you just want to Add Files to the chest you are not sure about and send copies to the lab for study.

Jack

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88900
  • No support PMs thanks
Re: Two Hypothetical Examples About Virus Detection Using Avast
« Reply #3 on: December 02, 2011, 11:53:55 AM »
I don't get it, as avast made the detection in both instances. So both have the same level of protection at that time.

Unless Joe is sending it to avast as a False Positive, in which case all users benefit from it. When analysed if found to be an FP then they are generally corrected very quickly. But you are saying "Assume for this argument, that both files are viruses and not false positives." This blows that point out of the water and takes me back to my first comments. "I don't get it, as avast made the detection in both instances. So both have the same level of protection at that time."

The virus labs, via the CommunityIQ transmits some data (on detections and possible suspect behavior without a detection), but that is anonymous so can't/shouldn't be linked to a specific user.

I don't know when the CommunityIQ data is transmitted, only submissions to the lab are sent on the next update 'check' not physical update. I also believe that that update check is advanced and doesn't wait say 3hrs 59min if you had just done an update check before doing the submission.

The most salient point I can make is don't delete, send to the chest (default action) and periodically scan files in the chest (every few weeks) and those still detected could be deleted then.
« Last Edit: December 02, 2011, 11:55:52 AM by DavidR »
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security