Avast 2015 Free - Will it include the micro-VM feature (NG/virtualbox)?

As I’m reading articles about Avast 2015 and reading posts here, and because most articles only mention Avast 2015 and not whether they are discussing the free or paid (Pro) version and similarly with this forum mixing the free and paid versions together, it is unclear as to what features of Avast 2015 payware will be included the freeware version. Even http://www.avast.com/en-us/index does not go into detailed depth of the differences.

It looks like Avast 2015 will add micro-VM’ing of applications. That is, apps will run isolated in their own virtual machine (or something like it). Does this happen with all apps or only with unknown or bad-reputation apps? And will it be a feature in the freeware version or just in the payware versions?

I’m rethinking what to include as the ingredients in my security “soup” on my hosts. Bitdefender Free was a possibility (after they altered their rude behavior regarding quarantining) but its IDS doesn’t work in Windows 7 x64. I’ll probably add MalwareBytes Anti-Exploit (and forego Microsoft’s EMET) with whatever AV product that I use. I already have Malwarebytes Anti-Malware freeware as a second opinion on-demand scanner and might add HitmanPro as another. But I’m rethinking what I want for the base or primary security software.

I’d like to stay with Avast Free but really need to know which of the great new features in the payware version have been adopted or excluded in the freeware version, one of which is the micro-VM scheme. Did the Avast NG component make it into the Deepscreen feature in the freeware version?

http://malwaretips.com/threads/avast-ng-what-is-it-avast-2015.35640/ discusses the NG component but, again, it mentions “Avast”, not “Avast Free”.

Also, since that article mentioned “VirtualBox”, is Avast making use of Oracle’s (used to be Sun’s) VirtualBox VMM (Virtual Machine Manager) to sandbox the apps? Do all apps get virtualized or just unknown (non-whitelisted) ones? Looks like it won’t be enabled on hosts with CPUs under 2GHz even if multi-core (might not be an option to enable to test if performance hit is acceptable to override the default of disabled when it checks the platform’s stats).

I agree that webpage is very scrimp on the information for version 2015. It’s hardly any mention of anything other than a very basic chart. So here it goes.

Everything that falls into a core protection is identical for ALL avast! editions. So, anything that is crucially needed for protection is the same in ALL editions. Signatures, cloud, heuristics, behavior detection etc. That’s their philospohy ever since i can remember using avast! (and that’s since 2004 i think).

avast! NG is a core protection element and as such is shared between ALl editions of avast!. avast! NG however has few limitations that cannot always be met on all systems. Some don’t support hardware virtualization (basically all pre-Athlon 64 processors and Intel equivalents), some systems don’t have enough RAM, some systems have way too slow HDD’s, there are quite some factors that dictate NG capability/support. That’s why you may see some systems unabled to install or use NG. Those are still indirectly protected by the cloud where users with NG will analyze files, submit the data to cloud and regular users will get protected by the “old” AutoSandbox which will use the submitted NG cloud data in real-time (it’s now possible, wasn’t before in 2014, at least not to such extent).

There are also other NG based technologies planned, SafeZone (secured space for online banking) and Sandbox (on-demand execution of suspicious stuff in a secured sandbox). Both of these features however are non-essential (they add up fucntionality and additional security for more demanding users, but aren’t strictly essential) for protection and will only be available in paid versions. Like they were before when they weren’t using NG technology. So, for free users, nothing really changes, apart from getting a way better DeepScreen emulation.

I might’ve been in the Beta sub-board where I saw someone mention the NG feature would be disabled (and not enable-able) on hosts with CPUs that are under 2GHz FSB. Even if the user wanted to see if they were willing to endure any responsiveness or performance impact on an application they couldn’t test NG by enabling it.

I have 8GB system RAM and lots of freespace on my HDDs (570GB on C: alone). I haven’t gone into the BIOS to see if there is a VT option (to enabled CPU-assisted hardware virtualization); however, I have seen BIOSes that didn’t list this setting simply because they don’t provide the option to turn it off (they have very simplistic BIOS configs). My concern is the CPU. Mine is just an Intel Core 2 Quad but only runs at 1333 MHz FSB max. If the NG check cuts off that feature for CPUs running at under 2GHz then I’m SOL regarding NG. If the NG test fails and it is disabled, is there an option to enable so the user can test what sluggishness might result?

By the way, what does “NG” stand for? I’ve read lots of articles here, beta sub-board, and elsewhere but no one has said what the initials mean. The common abbreviation means “no good”. Doesn’t seem like something Avast would want their feature named. It’d be like someone coming up with something called “Synchonous Heuristics Intrusion Trust Tracking Yield” and then later realizing what the acronym spelled.

I can confirm that it is in the Free version. I just installed it and tested it with the autosandboxme2.exe file I found in another post.

NG stands for “Next Generation”.

If your system does not have “hardware/virtualization technology” you can rest
easy since the new “dyna-gen” technology has strengthened deepscreen too. 8)

A lot of limits were removed because we felt they were to strict. Some are still in place and i’m aware of the disk speed rating, not sure what the exact limit is, but i know seeing logs from an user whee NG installation was canceled because of the too slow HDD.

Sounds like NG is great benefit but for those having issues perhaps a way to disable so they can use rest of 2015 or is it solely up to Avast to decide on install ? I’m just guessing NG is going to go thru some tweaks for optimization/etc. so for those having trouble with NG it may be in best interest of Avast to make sure those users are on 2015 in mean time. For the “brief” moment I was able to run 2015 I saw a setting in V10 about hardware virtualization…and warning if turned off/etc…would that have been it ?

Pretty sure I mentioned to you in another thread how to disable it…

-Noel

Technically speaking, NG by itself isn’t taxing and i don’t understand how it would affect anything. If you look at the task manager, you’ll see it’s hardly using any resources. I’d understand potential perfromance problems when malware is actually being analyzed within NG when CPU and RAM usage will go up. But if avast! is not doing that, i really don’t see how NG would affect anything for longer periods of time. When it boots up VM’s i expect some performance penalty, but that’s just a temporal thing and not something it would last for 3 hours or all the time. Unless of course there are deeper issues in progress (which is often a reason).

Thx…I like the idea but I’ve had some (not a lot) experience on VM environments and the one thing I did find is that they are finicky in how well they work based on the hardware. I’ve read some of the discussions on how Avast & BETA team are trying to “assess” (eg. CPU, RAM, HDD, etc.) a target PCs ability to handle. I don’t know if this is doable across 200M users. I realize that NG settles with little resources but the very thing it seems extremely taxing on is the snapshot setup and this is during the time (boot/login) when the PC is trying to address other items which are taxing. IMHO I just don’t think the average user is going to put up with a slow system for 5-15 minutes (assuming all goes well) of NG at boot. Of course no way to know until Avast puts this out there and trys. I like the concept of NG…just not sure it maps to the masses…we’ll see. Perhaps as Avast Team tweaks V10 they will find other ways to optimize NG to be less of a potential issue. I think the “average” user will install a piece of software and before they judge the merits of the features notice how their system is working after reboot…without the “average” user digging into what NG is doing both it and HTTPS scanning can give the user a “perceived” bad experience.

Hmmmmmm…thx, did not see this when I tried to install it on 21st…had to uninstall V10 but am going to retry and untick NG & when booted untick HTTPS scanning…play with V10 for awhile and see how works then try each again.
What is the setting in SETTINGS call “hardware virtualization” (forget exact name since don’t have V10 installed) ?
I forget if in general settings or where but I recall something like this there.

What is the setting in SETTINGS call "hardware virtualization" (forget exact name since don't have V10 installed) ?
Not sure what you're talking about. Enable DeepScreen, maybe?

-Noel