Avast and its average proactive detection rate

As I’ve mentioned in other posts, I’m looking to buy Avast in a few weeks when my Norton 306 runs out. I’ve noticed one thing that concerned me was the proactive detection rate. It seems Avast only caught about 30 of such threats according to the AV Comparatives test (I know that’s only one test). Considering this is the area where AVs need to be strong due to the fast emerging nature of new threats, I have to say I have real concerns about such very average results for such an important area. I guess I’m looking for a little assurance before deciding to pull the trigger.

Thanks in advance for any light you guys can shed on this.

The future of avast: http://forum.avast.com/index.php?topic=64382.msg546016#msg546016
At the first post of that thread I’ve mentioned the wish/necessity of having a better 0-day protection.

Well, the proactive part is significantly better in real-world conditions, at least from my experience. 3/4 of the stuff is caught by Network Shield. Though I agree they should make more rules and utilize Behavior Shield more…

Indeed. We can’t forget that. And we can’t forget that such features aren’t on AVG free and were moved from Avira free to the paid version.
Thanks avast.

Isn’t the presence of version 4.8 making this slow?

Well, after reading Vlk’s comments a few days ago, I’d say yes. But not so much Behavior Shield as it’s problematic to components shared between 4.8 and 5.0. Like the scan engine itself, generic detections, unpacking capabilities.
For example, 5.0 can unpack and scan the actual content, 4.8 cannot and has to use specific detection using also packer coverage to detect it. In theory they can make unpacking routines for both, but since they are pretty much completely different they have double the work which is unnecessary and only increases dev costs.
Behavior Shield is only in 5.0 so they only develop it for 5.0. But I also have to agree that all those hours of work spent in 4.8 could be more productively used to improve 5.0…

They said the translation of the avast Business Console (or something like that) would start last weekend and it would be the latest step before 5.1 and the end of version 4.8.
But, Robinson is on vacation and Igor is silently working without sending us the Passolo package ;D

I don’t know if it will address my concerns, but does anyone know (with any degree of confidence) of some of the improvements in 5.1 over 5.0?

For me I have always found the av-comparatives pro-active test a bit of a strange beast, as essentially it is like leaving your AV in the deep freeze and taking it out 3 months later and see what it detects with that set of definitions.

Users don’t work like that, for the most part they use the auto update function, keeping the definitions fully up to date. The problem with these tests is that they don’t truly replicate real life. For the majority of malware it originates on the internet and much of that is in the form of hacked sites, etc.

The web shield is very hot on these types of attacks and it doesn’t have to have an exact idea of what the malware is as it is essentially detecting the insertion of the hack/script/exploit which stops the malware being executed. So in a way it could be blocking malware that isn’t in the standard virus definitions and that isn’t tested.

The same is true of the network shield blocking known malicious sites and that too doesn’t rely on a specific piece of malware and that area isn’t tested.

I go by my own practical experience of over six and a half years of using avast from early avast 4.x through to 4.8 and now 5.0. Avast 5.0 in its current state is far better than 4.8 and detections have improved a lot and I see no reason why they shouldn’t continue to do so in 5.1 and 6.0 too.

So basically I don’t hold a great deal of store in many of these tests, but the av-comparatives tests are one of the better ones and the standard on-demand scan is much different to the pro-active one (where all AVs take a hit compared to the on-demand test).

Sure they don’t. Of course.
But it’s a good way of testing the 0-day protection or pro active.
You can go to the future or you can freeze the past.
Seems very good for me, just that avast has not the very best proactive protection.
For instance: http://www.anti-malware-test.com/?q=taxonomy/term/25 and http://www.anti-malware-test.com/?q=taxonomy/term/17

If you can test the future, i.e., the malware that will come tomorrow and avast does not have signatures to protect you, then they will replicate very easily in real life in my opinion.

It isn’t a good way, it’s just a way to try and mimic future threats, but it isn’t replicating real user life.

The biggest problem for me is that it doesn’t adequately test the full range of avast shields, which can block malware of an indeterminate nature and in doing so makes the protection look worse than it actually is.

When the lion’s share of malware comes from the internet, stopping it getting on the system is preferable to detecting it when it gets on the system and that aspect simply isn’t tested.

I think the bottom line is that every antivirus is tested the same way (av-comparatives.org). So, regardless of our preferences (mine included), avast is not as good as the “top” competitors when it comes to proactive detection.

Not if some of the shields that are there to protect aren’t even tested. The web shield provides excellent pro-active protection from web-borne malware as it doesn’t have to seek out actual malware samples but the insertion of scripts and exploits to trigger the malware. The network shield also provides protection against exploits and known malicious sites.

These shields are in regular use by avast users and contribute to the overall protection, but don’t get a look in in these tests.

Strange that we think differently when avast does not do well in a test…

http://www.av-comparatives.org/comparativesreviews/main-tests
http://www.virusbtn.com/vb100/rap-index.xml