CyberCapture

Could Avast give some information on this?

I understand that:

CyberCapture works on low-prevalence files downloaded from the web and then executed. But is it only files from the web, and are there more conditions that need to be met???

CyberCapture is basically an inverted Secure Virtual Machine. It does the same or even extended analysis, but on avast! servers. What type of analysis is done, and are the detections good?

Since the file is uploaded to Avast servers - if a file is 15 MB, is the full 15 MB file uploaded to Avast servers or just parts of it?

That part about only files downloaded from the web triggering CyberCapture is bizarre. What if a file arrives via a USB thumb drive? avast! will just ignore it because it’s not from a web link? Unfortunately we never got an answer to that from the avast! team for some reason.

Hello,
files downloaded from the web, executed, and of low prevalence. No other conditions to trigger CyberCapture.

We use our internal tools for analysis, NG, our scanner with detections which are not released, …

The whole file is uploaded because it will be run in our NG.

Files from a USB thumb drive will not trigger CyberCapture.

Milos

Kinda sucks for people with low bandwidth.

Sorry, but that’s a bit of a dumb design. The whole point of proactive features is to keep all entry points covered. Only covering web downloads, even though it is the most common, is like wearing a bulletproof helmet but no bulletproof vest… Makes as much sense…

downloaded from web
Are FTP, P2P, mail attachments and such also covered?

I don’t understand the logic behind their design at all. Wouldn’t collecting as many unknown EXE files as possible make more sense? Then you throw them through a huge system of sorting and classification, not necessarily directly to NG on their servers. That’s how you proactively combat unknown malware and protect all entry points later on, without the need to focus on a single infection vector only…

Seems to me there is no need to upload every file.
Get the hash of a file.
Upload it to the avast server.
If it is unknown, upload the file.
If it is known, there is no need to upload the file.
Seems to me much better for people with low bandwidth, and especially for those who have a data limit.

Hello,
current implementation covers http(s) sources.

Milos

Hello,
yes, if we don’t have the file (prevalence = 0) then we upload it to our servers. Other users with the same hash don’t upload the file.

Milos
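
The hash-first flow proposed above and confirmed by Milos (query by hash, upload the whole file only when prevalence is 0, later clients with the same hash skip the upload) can be shown end to end with a simulated client and backend. This is an added example, not Avast’s code; the class and function names, the in-memory prevalence table and the sample file bytes are all constructed for illustration.

```python
import hashlib


class PrevalenceBackend:
    """Simulated cloud side (constructed, not Avast's): remembers which
    SHA-256 digests it has seen and stores each file body at most once."""

    def __init__(self):
        self.prevalence = {}    # digest -> number of clients that reported it
        self.stored = {}        # digest -> file bytes, kept only from the first upload
        self.upload_bytes = 0   # total bytes clients actually had to send

    def lookup(self, digest):
        """Cheap query: how many clients have already reported this digest."""
        return self.prevalence.get(digest, 0)

    def report(self, digest):
        """Every execution is counted, whether or not the body was uploaded."""
        self.prevalence[digest] = self.prevalence.get(digest, 0) + 1

    def upload(self, digest, data):
        """Full-body upload; the server re-hashes so a client cannot attach
        a body that does not match the digest it queried for."""
        if hashlib.sha256(data).hexdigest() != digest:
            raise ValueError("uploaded body does not match claimed digest")
        # Two clients racing at prevalence 0 would both upload; storing by
        # digest makes the second copy harmless (same bytes, same key).
        self.stored[digest] = data
        self.upload_bytes += len(data)


def client_submit(backend, data):
    """Client side: hash locally, ask the backend, upload only if unknown.
    Returns (digest, uploaded, prevalence_before_this_report)."""
    digest = hashlib.sha256(data).hexdigest()
    seen = backend.lookup(digest)
    uploaded = False
    if seen == 0:                      # prevalence = 0: nobody has this file yet
        backend.upload(digest, data)
        uploaded = True
    backend.report(digest)             # count this execution either way
    return digest, uploaded, seen


# Constructed sample "executables": two distinct 1024-byte blobs.
FILE_A = b"MZ" + b"A" * 1022
FILE_B = b"MZ" + b"B" * 1022


def run_demo():
    """Three clients: two run FILE_A, one runs FILE_B. Only the first copy of
    each file crosses the wire; the second FILE_A client sends a hash only."""
    backend = PrevalenceBackend()
    flags = []
    for data in (FILE_A, FILE_A, FILE_B):
        _, uploaded, _ = client_submit(backend, data)
        flags.append(uploaded)
    return {
        "uploaded_flags": flags,                       # [True, False, True]
        "uploads": sum(flags),                         # 2 bodies sent in total
        "upload_bytes": backend.upload_bytes,          # 2048, not 3072
        "prevalence_a": backend.lookup(hashlib.sha256(FILE_A).hexdigest()),
        "prevalence_b": backend.lookup(hashlib.sha256(FILE_B).hexdigest()),
    }


if __name__ == "__main__":
    print(run_demo())
```

The bandwidth saving is exactly what the thread asks for: the third submission of a 1 KB file costs a 64-character digest instead of the body. The server-side re-hash in `upload` is the check worth keeping in any real design, since the digest is what the backend keys its verdicts on.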

So, you’re leaving out P2P, e-mails and USB sources entirely. Very bad policy. VERY BAD. And it’s kinda becoming a tradition with avast!. Awesome new feature released and then you start digging and you realize it’s once again limited to a very specific narrow scope of potential malware. Why are you guys doing this all the freaking time? :-\

It’s almost hard to be enthusiastic anymore about new technology in avast! because I can already tell you this won’t really have a noticeable impact on end user protection. It’s again just a trend that keeps repeating and I very much want you guys to finally prove me wrong…

I don’t like this implementation… so only for downloaded files?? What if it’s already on the PC? Or comes from a USB stick… This isn’t Comodo Sandbox. Hell! Even they have a setting to change that.

And why even implement this if it can’t even cover e-mail and P2P… Come on! I am sure the avast! team knows Locky and other threats are spreading from e-mail. :stuck_out_tongue: Stop trying to make this Norton Download Insight, I hate that :o

And what happened to the sandbox analysis? Can’t they just link up the files that are sandboxed to their servers to analyze them? What’s the catch for CyberCapture?? Doesn’t it do what the sandbox or NG used to do?? At least avast! used to sandbox unknown files… downloaded or not.

I believe it’s limited to downloaded files only because there would be too many requests for every file on PC. 230+ million users…

I’d imagine they start small and see how the tech works in the real world. Then they will expand it. Let’s wait and see.

I think this is ridiculous.

There are many other ways of getting infected, such as via email, P2P, FTP and USBs - will Avast just let that malware through?

Seriously, this is frustrating, you hear something positive and you’re excited about it and then when more details emerge, it’s the same old Avast.

A lot of malware testing done by AV vendors and people who test malware on virtual machines involves downloading the malware and putting it on a USB to transfer to a virtual machine; that would simply mean that CyberCapture would be useless in those cases.

I seriously think the Avast team need to rethink this.

It needs to be expanded to P2P, e-mail and removable drives. These are the most common infection vectors and sources of suspicious binaries.

Hi guys,

Glad to see some excitement about CyberCapture here – it indeed is quite an exciting piece of technology (really taking benefit of a bunch of things that we have been building for years) and we can’t wait to see it in action – that is, can’t wait till the Nitro Update really starts rolling out to millions of users and our backend systems start getting some serious load with this. :slight_smile:

Anyway… I totally hear your concern, and would like to say one thing from the very beginning: there’s absolutely no design limitation that would imply that CyberCapture can only work with http/https downloads. And in fact, we totally plan to extend its scope in the upcoming weeks and months. The beautiful thing about it is that the decision process takes place (again) in the cloud, so these things can actually be changed at any time.

The reason why we have limited it to http/https downloads for now is that this is the category of files that carries most infections, and at the same time, contains some additional metadata (e.g. the source URL) that allow us to minimize false positives and generally make faster and more accurate decisions. And it also allows us to slightly lower the number of files coming to the system, which is important to make sure our backend stuff can gradually handle the load (we’re quite confident we have built them robustly, but it’s always a good practice to roll such things out in stages).

Remember, CyberCapture has been in production for about 1 day now. Here’s a proposal. Let’s give it a bit of time, and make sure that it handles the http/https vector really well (which would already be quite an accomplishment, given that statistically, 85%+ of all malware comes through that channel). And in parallel, let us work on the other vectors.

Deal?

Thanks
Vlk

That’s a fair enough deal and that it will reach other vectors soon.

But it’s important for you guys to realise by not including other vectors such as USB, you will be missing malware. Many users don’t run a file straight from the Internet, they might save it to the USB and run it at another time too for example.

Thanks for your explanation Vlk. I hope it lives up to its expectations.

I know it’s a long shot, but it would be nice if you could provide a CyberCapture webpage with some statistics on how the service is operating, what the malware hit ratio is and other interesting statistics about it. So we can kinda see how many received files are marked as malicious, how many were found clean, which countries have the most new malware detected through the system and all that.

Since the introduction of a faster evolving program with monthly updates and the relocation of a lot of things to the cloud, I hope CyberCapture will evolve into an actually powerful feature and not yet another cool tech that never really produced proper results for end users.

How about a site where you can check whether files are unknown to it, marked safe, malicious or undefined?

So that Avast can also be informed of malware that is missed by it, to keep improving it; or otherwise save the analysis data of each file that’s marked clean or undecided and check it manually to keep improving it :slight_smile:

I think it’s better to keep it program-only so malware writers have a really hard time creating malware, because they can’t just check through a webpage; they’d have to actually test on a functioning program that would be able to feed captured data to the cloud and track their whole malware-writing process. That’s the huge benefit of the cloud: malware writers can never be sure how the system will react to their attempts to bypass it.