Cloud Services - a gimmick?

[EriicTheAvaster]

Can someone explain the new Cloud Services to me? Based on the available information, they seem like a gimmick.

Take the Reputation Services. It supposedly compares a file on your system to the experience other Avast users had with it, or in the words of Ondrej Vlcek, CTO of AVAST Software "Once a new file has been opened a few hundred times, we have a good idea if it is malicious or not, then we communicate this information with all of our users". But the experience of other Avast users will be based on the Avast definitions and heuristic analysis, which are already shared by everyone. Therefore no new or additional information is introduced in forming the Reputation Services assessment.

To put it simply, there's no point in checking what the experiences of other users is; being based on the same definitions and heuristics everyone uses, the experience will be the same as yours. Therefore the Reputation Services don't really add an additional layer of protection, they simply reuse the one already shared and used by everyone.


As for the Streaming Updates, it seems like a worthwhile idea, but with avast already updating several times a day, i feel the sense of security they provide is more psychological rather than one that drastically increases actual safety.

I welcome other opinions on the matter!

stloloth, I may not be up on current tech lingo about Avast Free Cloud but I did a recient scan of my computer using Avast Cloud and it did not.....I REPEAT DID NOT get rid of a very irriatating Dame Ware Trojan that is effecting my P Computer.   I scanned my computer both online and off line, it seems scanning it works better offline; the Trojan is in question is called "Mini Dump"  Sierris and gets into your temporary files from your Internet Explorer from even your signup page on MSN.com and Ca.MSN (MSN Canada).    What it does is infiltrate your computer in about 1 1/3 of a month weakening all your computer systems destroying your C Drive, or that is what it did to my old P Computer that I had for 18 years.    Once it infiltrates then Avast does not recognize it for what it is a very nasty Dame Ware Mini Dump Trojan; when you start reformating your computer it seems to take more and more out of C Drive, leaving any backup drives intact but your computer ruined.    It costs Personal Computer Users alot of money to buy very good Anti Virus programs and it costs still further money for updates every year while Hackers and Crackers buy very similiar programs or even very dangerious Remote Access programs which are even more and more tech against the computer users, I feel as a Personal Computer User and an internet user hung out to the cleaners by the battle between Anti Virus computer companies and the Internet Server Companies creating programs supposedly used by Internet Service Providers but it windsup in the hands of the Hackers and Crackers whom should not have those programs but do because they can afford to buy them.

[Lisandro]

It costs still further money for updates every year

Of course you're not referring to avast! free antivirus...

[EriicTheAvaster]

In theory i agree with you, the more data collected by avast about various files in the wild, the greater the chance of correctly analyzing and classifying those files. But let's look at what kind of data Avast takes into consideration. Here's a link to an article describing the FileRep feature: http://www.avast.com/pr-avast-software-detection-is-faster-when-filerep-knows-all-the-clean-files

The article mentions that the attributes it takes into account are how recent/new the file analyzed is, how prevalent and quickly spreading it is, means of distribution, digital signature presence, and the source URL. The only thing there that i see as a valid indicator of infectiousness is the source URL, as it can be compared to a database of known malware domains. But this sort of protection is already widespread and implemented at many levels. As for the other attributes, a newly emerging, quickly spreading file can equally be an indicator of a valid program and of malware, so i don't see how those indicators help. The presence and absence of a digital signature means little to nothing, as they can be counterfeited, and aren't commonly used. It all seems like a great recipe for a lot of false positives.
I suppose the means of distribution is a somewhat valid indicator, as exe files in emails are a red flag, but that's hardly a revolutionary mechanism of prevention, or a substantial one as this is not a prevalent mode of infection.

Another quote from the article says "FileRep is designed to counter the growth in polymorphic malware where every user gets an “individualized” version which traditional signature and heuristic AV techniques have a hard time identifying.". So the file identifier in this case becomes it's name? In which case if the name is simply randomized along with the contents the whole system becomes pointless, no?

It's possible that the mechanisms of prevention might actually be more thorough than described in the article, and that my analysis of them could be limited. But based on my current understanding, the features seems like a gimmick with little to no use.

I agree with Stloloth and Igor; even to Avast Tech trying to help out......lets see if I get "fuzzyness" straight?!    Ok if you are either in email and you get a suspicious email that sends you to a blank page or one that you think is copied with info and viruses put into it then your AV is less sure weither the information you get in there is legal and not hacked.   From what I seen in "Fuzzyness" at signinpages at websites on MSN.com allow these sorts of Viruses and Trojans to invade the browsers, not only is MSN IE infected but Google, Firefox and many others can be too all at the same time.   That is what makes it so scary that Remote Access Programs can be so devastating as it was for my own older computer.   The fact that an antivirus program cannot detect these things makes it all the more important for Computer Antivirus companies to make sure their Free Online AVs are atleast 75% as good as their storebought Anti Virus programs.   Avast Techs if you don't want the computer users to have their computers be "expensive doorstops" then get your programers together on updating Avast Cloud to recognize RA programs as threats.

[EriicTheAvaster]

  No I had Panda AntiVirus on my computer for nearly 2 years and they after 1yrs hinted I had to send them $20 Upgrade fees to have their antivirus storebought program updated......so I sent them the fees for a year and 2 months and my computer still caught internet viruses and trojans while I was a customer of their's, I switched to Norton Anti Virus but it slowed my computer down so much with updates and upgrades that My computer was spending more time upgrading and updating than I was being online so I had to uninstall Norton Antivirus; atleast Avast Free Anti Virus strikes a good balance between updates, protection and a person being online.   If your program instore is as good as it is in Free Online as it did when it detected the Mini Dump Virus of the Dame Ware Company, in about 2 months I just may buy your Avast Program at my local computer store, I had Zone Alarm also about 6 years ago that was one very good program and let you know where the virus programs and trojans were comming from.

[Dch48]

I don't think you can buy avast! at a computer store., There are no boxed product versions.

I do not think the new cloud features are a gimmick at all. They are in their infancy, especially the FileRep part, so will not, and can't be expected to, work as well as they will 6 months from now. The streaming updates are already working very well and can only decrease the possibilities of being infected. These features are things that a certain competitor, Symantec, has been using for years now and they have worked very well for them and have received nothing but positive reviews as far as I have seen. I'm sure they will significantly increase the effectiveness of the avast! product in a relatively small amount of time.

[stlolth]

Anyway, I think I've spent a bit too much time trying to explain something, and I probably haven't made the point through, so I guess I'll rather do something productive instead. The FileRep system is new, and it will certainly evolve in the near future. We'll see how it goes - but so far, it's been doing pretty well (in terms of helping to discover unknown malware).

I don't like to leave things on a note of discord, nor is there reason to, so i will say that you've made some fair points, though a bit vague, but possibly for good reason. Hopefully there really is more to the FileRep mechanism than mentioned in the article, as you yourself have said. I still find the wording a bit misleading, as it doesn't really succeed where standard definitions and heuristics fail; what it does is augment them, while still in part relying on them. It's only fair to note that regardless of my doubt expressed in Cloud Services, i intend to use them and leave them on, and for the time being am quite satisfied with my experience using the free version of Avast.

So thank you for your input, and here's to the success of Cloud Services.