Avast New Cloud Feature Questions?

[Jack 1000]

Hey Guys,

1.) On Avast 7, what features/settings can be changed in the Cloud through the GUI?

2.) How does the Cloud work to avoid server overload, since Avast Definitions are now released when available?

3.) Will the instantly available definition updates, also apply to Program updates in the Cloud when new program versions are released?  Will update options be able to be modified/turned off in settings?

Jack

[Lisandro]

1. Enable/Disable.
2. It's very small and does not overload the servers even with million of users. The infraestructure will grown if/when necessary.
3. They're applied instantly.

[BTIsaac]

In the settings menu, you can chose to disable and enable two features related to cloud services. I turned off both. They seem pretty pointless to me.

[Jack 1000]

In the settings menu, you can chose to disable and enable two features related to cloud services. I turned off both. They seem pretty pointless to me.

Thanks!

If you disable cloud services, than does Avast go back to the traditional 4 hour check for updates schedule like in previous versions?

Jack

[Lisandro]

They seem pretty pointless to me.

Pointless? They're a major security protection to zero-day malware of avast 7.

[Lisandro]

If you disable cloud services, than does Avast go back to the traditional 4 hour check for updates schedule like in previous versions?

Yes. Or any other lesser interval you've set into avast settings.

[BTIsaac]

Pointless? They're a major security protection to zero-day malware of avast 7.

The reputation services or the streaming updates? How exactly does it work then?

[Lisandro]

The reputation services or the streaming updates? How exactly does it work then?

Both.
Reputation checks prevalence and emergence of executable files. Rare files and very new ones (that nobody has around the world) could be zero-day malware signal.
Streaming updates are more frequent and smaller than the common updates and will release the updates almost just in time to protect you.

[BTIsaac]

Reputation checks prevalence and emergence of executable files. Rare files and very new ones (that nobody has around the world) could be zero-day malware signal.
Streaming updates are more frequent and smaller than the common updates and will release the updates almost just in time to protect you.

I can see how the first one can be useful, but I still see no point for the second one. I mean I'm still getting the same signatures right? It just keeps the program working non stop to download data which it would acquire anyway in just a few hours.

[Lisandro]

The streaming update works over and on top of the normal updates.

[FlyingRobot]

Pointless? They're a major security protection to zero-day malware of avast 7.

In what way?  Tying people to the cloud so that their machines are used as instrumentation to look for newer malware versions/tactics theoretically could result in more rapidly improved periodic updates.  If the periodic updates are promptly and fully improved to reflect the knowledge gained by avast's cloud, even a user running without avast cloud related features enabled would still fully benefit once they've received their next update.  IOW, there would seem to be just one n-hour window during which that user would be vulnerable and only if they happened to download some brand new malware that had just been recognized by avast's cloud.

I don't know if I'm communicating the idea well, but what I'm trying to distinguish between is cloud enabled improvements to knowledge of malware vs cloud enabled improvements to detection of malware once that knowledge is gained.  For many professionals, the cloud related features are just too much of a security/privacy issue and *cannot* be enabled *ever*.  A short n-hour window of potential vulnerability to only bleeding edge malware certainly wouldn't be desirable, but that would be acceptable. 

[Lisandro]

Even a user running without avast cloud related features enabled would still fully benefit once they've received their next update.

Sure. 4 hours later. Streaming updates will rise to 20 updates a day...

IOW, there would seem to be just one n-hour window during which that user would be vulnerable and only if they happened to download some brand new malware that had just been recognized by avast's cloud.

Yes... and these few hours would be enough for some (or many) computers to get infected.

I don't know if I'm communicating the idea well, but what I'm trying to distinguish between is cloud enabled improvements to knowledge of malware vs cloud enabled improvements to detection of malware once that knowledge is gained.

It does both.

For many professionals, the cloud related features are just too much of a security/privacy issue and *cannot* be enabled *ever*.

If file uploads is involved... maybe. But what more could be a privacy issue?

[BTIsaac]

The streaming update works over and on top of the normal updates.

Does that mean if I disable it, there are signatures I WON'T be receiving? I really hope I misunderstand because that would make no sense.

[PierreH]

If I understand, for Avast to be efficient we shoud stop to run other  anti-malware  on our PC ?

[FlyingRobot]

IOW, there would seem to be just one n-hour window during which that user would be vulnerable and only if they happened to download some brand new malware that had just been recognized by avast's cloud.

Yes... and these few hours would be enough for some (or many) computers to get infected.

Some or many at the world level though.  The probability of many computers on earth being infected during such a "vulnerability window" could be 100%.  However, the probability of "the average computer" falling victim to that would be much lower I think.  If we're talking about a cautious user or admin who disables automatic updates (the installs, not the notifications of availability) and is careful about what they install and from where and when, I think the probability would be much much much lower.  I seriously wonder if it would even register as a threat worth worrying about.

I don't know if I'm communicating the idea well, but what I'm trying to distinguish between is cloud enabled improvements to knowledge of malware vs cloud enabled improvements to detection of malware once that knowledge is gained.

It does both.

If by that you only mean the more frequent, "streaming updates" would count as "improvements to detection of malware once that knowledge is gained." because they would narrow the window of vulnerability then we are on the same page.  If you are (also) trying to communicate that it isn't just a matter of how large the window of vulnerability is, I'd welcome clarification.  For example, as BTIsaac just questioned, if some malware signatures/descriptors are only distributed when the cloud features are enabled that is a very important detail. 

For many professionals, the cloud related features are just too much of a security/privacy issue and *cannot* be enabled *ever*.

If file uploads is involved... maybe. But what more could be a privacy issue?

Yes, the uploading of information (whole files, piece of them, hashes of them, file names, URLs, hostnames, whatever) is the key concern I was referring to.  However, as the OP touched upon (and I don't think this part was explicitly answered by anyone), a related concern would be pushed changes to the software program and/or its settings.  The conceptual idea being, that pushed "malware definitions" can't really put the target machine at risk (the common belief, maybe true maybe not) whereas pushed changes to the program and/or settings could (and thus need to be tested or at least sanity checked somehow).