I read a review of Anti-Virus Software in our local PC World magazine and it rated AVAST quite low, because of its low heuristics score. I therefore removed AVAST and installed McAfee about a month ago.
My machine crawled. Last night I removed McAfee and returned to AVAST.
Question: How important are Heuristics if you keep your signatures up to date?
Well I have been fine without heuristics for over two years that I have been using avast. Yes it is beneficial but it isn’t the be all and end all of detection. Common sense and exercising safe hex goes a long way in protecting your system with your AV as a back-up to the human brain.
Don’t open attachments in unsolicited, unknown and unexpected emails, the same goes for clicking links in said emails. Don’t visit exotic and dubious web sites and don’t click links in them, you never know what you might be downloading or be redirected to. Keep your Browser, OS fully up to date to avoid exploits patched by MS, etc.; ensure that your AV and security software are up to date. Use multi-level protection; don’t rely on only one product to protect your system.
Heuristics can also increase false positive detections if not implemented correctly so it isn’t something to be added quickly.
avast is looking at other methods of protection that they don’t call heuristics (this is likely to be in version 5 although no details are available) as that is a specifically defined term. The use of generic signatures which can detect variants of a virus family can also help with detection.
Read what is behind the following link, and you have an answer to some of your questions there: http://forum.avast.com/index.php?topic=21301.0
Then heuristics has two sides to it, and one of them is rather a bad one and can lead to genuine ruin, the name of the beast is called False Positives.
FP’s can actually ruin your OS. Moreover what harm have we on hand when a normal program because of heuristic scanning is not on the exclusion list, and gets flagged as a FP, it is mere tragedy, my friends, especially for newbies (they cannot tell a FP from a real virus)
No I will happily give up my heuristic scanning, (I use the old F-prot for DOS for that purpose, better on heuristics than any other scanner).
I’d rather have multi-layered protection: AV + AT + FW + IDM + AS (anti-virus, anti-trojan, firewall, intrusion detection monitoring, and anti-spyware) with in-browser security added (NoScript, AdBlock Plus, Siteadvisor, Scandoo searching, fileadvisor, hyperlink pre-scanning etc.). Secure practices can be acquired, they do not depend on added heuristics.
Thanks for that, both of you. I will continue with AVAST.
I run AV, FW, AS, etc. I also use FFox + extensions mentioned.
I also use a nice program called “processguard” from www.diamondcs.com.au. This will block all unauthorised executables from running, and not just the ones that want to access the internet.
As far as I know, many AVs such as CA eTrust (as far as I know Microsoft uses it to protect their network), Trend Micro and Sophos are weak in heuristics or proactive detection and also have low overall zoo malware detection rates (avast! is better), but they’re still successful in the AV business, protecting many large corporate networks and home users around the world.
Heuristic detection is nice to have (yes, I think many users still want it) but I think it’s not that critical for avast! to lack it as long as you keep avast! up to date. About heuristics, sometimes I think it’s just overhype made by some AV companies that try to make users feel constantly under ultrafast-spreading-zero-second threats and that other signature-based AV is useless, so you’ll need their products in order to protect yourself from these ultrafast-spreading-zero-second threats.
In my opinion, if you are a disciplined user who practices safe computing all the time, you’ll be pretty safe with avast! Home Edition, a good antispyware and a firewall; if not, even super heuristics can’t protect you.
If you call Heuristic as the same as Antispyware… otherwise, I think not.
Heuristic is the ‘generic’ detection and not only monitoring or spyware signature features, in my opinion.
I’m not sure about Teatimer, since I shut that down because of too many conflicts with other security apps and just do on-demand scans with SS&D.
SpywareGuard is quite heavy on heuristics protection, which is why updates are so far apart (current one is something like 2-1/2 years old now).
As for Ad-Watch, I’ve never gone beyond the free (on-demand) Ad-Aware SE so don’t know much about the former. But I think Ad-Watch uses specific sigs rather than heuristics, same as Ad-Aware.
As we know, even avast! doesn’t have so-called heuristic detection (in the classical sense of word in antivirus world) in its on-demand/on-access scanner as many other AV do.
But avast! got “Advanced” level in the latest retrospective test conducted by http://www.av-comparatives.org, avast!'s level is as good as many other AV that have so-called heuristic detection (e.g. Kaspersky, McAfee, AntiVir, Dr.Web, Norman, VBA32) and also seems to have better level than some AV that have so-called heuristic detection (e.g. AVG, F-Prot, Symantec).
This level isn’t bad for avast!? Surprise? Interesting?
Although avast! 4 doesn’t have so-called heuristic detection, hey, don’t simply underestimate its existing proactive detection method. ;D
Right, the latest av-comparatives.org retrospective test was quite successful for avast, it detected 22% of unknown samples - and e.g. Kaspersky detected 24% (irrelevant difference IMHO).
(IBK will forgive me for disclosing some of the data before officially releasing them, right… :-[)
So, it turns out that even now, avast pro-active detection is not as weak as many think…
IBK, couldn’t the test results make the ‘truth’ clear? I mean, people do not realise that ‘things’ change. For instance: we found in the Net that avast is very bad in false positives… well, how can we change the public mind on this?
Heuristics is the same… All the times, Kaspersky comes at the first place and seems nothing can be close to it in detection :-\
Yes, by showing real facts/tests to the public maybe they change their (wrong) opinions. Avast had few false positives, compared to some other products…
@IBK
False Positives are very relative, where McAfee/avast!/Kaspersky gave me plenty, Dr. Web didn’t cause me a single fp (while they’re rated of having a high number of false positives).
It’s all about what kind of files and programs the user has on his/her computer. Lots of the files (and some programs) that caused me fp’s are strictly confidential and can’t be submitted.
If they are so strictly confidential, those files are probably not found often on many PCs of users. If they would be distributed somehow or occur in applications used around the world, the damage/nuisance caused by the FP would be bigger & more relevant.