As new malware is constantly rising, some antivirus vendors such as BitDefender have developed heuristic detections which greatly improved their detection rates. Do you think that Avast should develop heuristics as well in order to increase its detection rate?
I agree with bob3160 here. Heuristics are something for a HIPS program or an Intrusion Detection program. HIPS can be very annoying. FPs can be a real pain in the proverbial behind, because if they are for data that are essential for the functioning of your operating system, you have a problem.
If you like to check something that runs in the background, that you wanna check upon, use KLDetector ( http://dewasoft.com/privacy/kldetector.htm ) to find keyloggers or other trojaned processes that may run in the background.
Inside the browser you can use the DrWeb anti virus link checker.
If you insist on a heuristical AV non-resident solution, take F-Prot for DOS aboard; it even comes with an automatic updater now. That is the best heuristical scanner I know about, better than the ones that incorporated it at some time (DrWeb CureIt).
Not necessarily. Let's say you have a detection of a program that mass-mails itself to every contact in the address book; is there any legitimate reason to do that?
Also, heuristics don't have to come with false positives; look at BitDefender.
I have the on-demand module of Command AV (based on the F-Prot engine) and I use it as a backup scanner, and I can say heuristics DO cause false positives; perhaps Bitdefender has just been lucky so far.
Yes, I don't like Norton either, but you have to admit that now this Bloodhound technology may improve their detection and, like BitDefender, it has few if any false positives.
I think proactive detections (e.g. heuristics, generic detections, behavior blocking, policy-based methods, etc.) are very important for today's antivirus solutions; they can increase the protection level, make users safer, and let the vendors have more time for adding other malware signatures or doing any other important things. Otherwise, proactive detections can also be very good marketing tools. ;D
I think false positives can be greatly reduced by the skill/knowledge/resources of the vendors; some vendors may have more skill/effort on heuristics than others. It doesn't mean introducing every type of proactive detection would produce unacceptable false positives for every antivirus software; it's based on their skill/knowledge/resources/philosophy/needs. Even signatures can produce false positives.
I think AVG's heuristic is nothing but a marketing tool. IMHO ;D
I have always been amazed by AVG's heuristic; as far as I've seen, AVG's heuristic is not better than avast! (which doesn't have heuristics), even though AVG seems to have all the needed state-of-the-art heuristic technology, at least on its product detail page.
To prevent speculations, let me just say that enhanced proactive detection (I intentionally don't use the word "heuristics" here, as it usually has a more specific meaning) is something we're definitely looking at, and moving forward, plan to spend considerable time on.
It just needs some time (as other things): currently, I somehow prefer to give up bringing big new features in interim builds (currently released approx. bi-monthly) and favor the "accumulate all big new features for the next major release" model...
Yes, I'm talking about avast 5.
I apologize if this post sounds cryptic.
I don't know if this is still on the table or not, but I think if anyone can get it right Alwil can (or at least if it isn't right it won't be released).
In another thread on the subject Dwarden mentions that some AVs allow multiple levels of heuristic detection. If avast! does incorporate some form of heuristics I would love to see this option, including an option to turn heuristics completely off if desired.
I somehow prefer to give up bringing big new features in interim builds (currently released approx. bi-monthly) and favor the "accumulate all big new features for the next major release" model...
Alwil, and Vlk, definitely changed their mind.
Now, we're waiting for a new, big, major release and not avast 4.8 and 4.9.
This was discussed a lot in the past: generic detection is being improved. Not "heuristics" like posted in the poll.
Vlk has also posted in the past about how easily a good malware writer can defeat heuristics, but this part about "enhanced proactive detection" still intrigues me.
let me just say that enhanced proactive detection (I intentionally don't use the word "heuristics" here, as it usually has a more specific meaning) is something we're definitely looking at
Dynamic Heuristic analysis - code emulation: this means the file is started inside the protected environment of a virtual computer inside AVG Anti-Virus. The file is analyzed for actions typical for viruses. An example being an application which when run looks for other executable files in order to modify them.
Well, I believe we would include even a bigger feature if it's easily implementable - but features like heuristics require significant changes through the [existing code of the] whole program; so it might be better to rewrite some parts than change them piece by piece and introduce strange bugs this way.