Heuristics

Hi!

Is it true that Avast does not have any Heuristics scanning engine? If that’s true, it’s very alarming! Cuz Heuristics is the first defence against unknown virii! I think even AVG has Heuristics scanning (though I have personally seen that Avast is a MUCH MUCH better AV than AVG). If Avast does not have this feature, it should be the first post on the Wishlist!!

Kalpik

Well, it does but it doesn’t. It does I believe have generic scanning for trojans, but in terms of a true heuristic program - no, this has been discussed on the forums. There are several pros, but also several cons, to having a heuristics.

Hi!

Could you please explain all the cons of having Heuristics? Your help is appreciated.

Kalpik

As far as I know Avast has no heuristics in its on-demand/on-access scanner, but Avast has so-called heuristics in its e-mail scanner (Internet mail and Outlook/Exchange) to fight against fast-spreading e-mail worms (it really works in the real world and has saved me several times), but I think Avast’s heuristics are not true heuristics in the antivirus scene.

Although Avast has no true heuristics, it has other methods to fight against unknown malware, such as generic detection of trojans.

Please read this thread and you will find what you want to know. :slight_smile:

http://forum.avast.com/index.php?board=2;action=display;threadid=4979

True, McAfee uses this heuristics technique as well, and Panda uses its TruPrevent technology to detect unknown viruses. I don’t really mind if Avast! doesn’t have heuristics as long as we get updates daily.

Unfortunately, Avast has always been simply underrated by some people just because Avast has no so-called heuristics, it has fancy skins, it has sounds and it has the free version.

I love the skins (my favorite is the bionic avast :wink:). And the sound is always enjoyable to hear (yes, including the virus detected one ;D). So what if it doesn’t have heuristics? People should know that it’s one of the best antiviruses that has different shields and has staff working hard to make virus signature files for updates.

Heuristics have a big potential, especially for an AV that is not so well known (so virii writers don’t fool its heuristics). Just look at NOD32. I had doubts about heuristics until I tried it. Same with ArcaVir 2005. Detected a brand new worm before they had defs for it. And even if heuristics detect only a few samples, it’s still better than nothing.

I totally agree.

And even the so-called heuristics in the e-mail scanner of Avast can detect potentially dangerous extensions in file attachments. I’ve seen this several times.

I’m just curious, if Avast doesn’t implement traditional heuristics like other AVs so is there any plan to develop other proactive detection for Avast, something like advanced generic detection? ;D ;D ;D

The biggest concern of anyone introducing Heuristics is false positives and inexperienced users who will delete the file that the virus was detected in. This can have huge potential implications on the user’s system.

Perhaps a means of getting round this is to have two Alarms and actions, Heuristic and Signature detected. Then to correctly identify the warning as a Heuristic detection and perhaps move it to the chest rather than allow for auto/user deletion.

This could be similar to the email heuristic warning, but that warning is very ineffective as many who post here don’t realise the difference and delete emails regardless of the fact that it is pointed out it is just Suspicious and not positively identified as infected.

There have been similar requests on the forums to have a different Warning Alarm for Web Shield detection, because that says there is a virus on your computer (and it won’t be if you abort the connection) and many people have spent a lot of time trying to find it on their computer.

But let’s face it, Alwil will have to implement some form of heuristics sooner or later.
Signatures are OK, but these days, certainly not enough.

I totally agree that it will have to happen. My reference to Signatures was merely to show the different methods of detection, known vs possible (Signature vs Heuristics).

Yeah… But, sometimes, the signatures bring false positives as much as heuristics would :stuck_out_tongue:

In fact. But, I have some experiences on it… Promises more than could realise. Better detection are just side by side of false positives. I do believe in fast updating and avast! can’t be better on it. Well, it could be better on adding signatures that, nowadays, were not that fast anymore :cry:

Perhaps a means of getting round this is to have two Alarms and actions, Heuristic and Signature detected. Then to correctly identify the warning as a Heuristic detection and perhaps move it to the chest rather than allow for auto/user deletion.

Good suggestions… I hope it won’t be lost into the jungle of the forum threads :-\ :cry:

You’re putting my words into RejZor’s mouth ;D

Are the people at Alwil listening!!!

Well, heuristics do produce some false positives, but look at signatures. Alwil had many problems with it and they don’t even have heuristics in avast!.
And the sooner they start using heuristics, the better they’ll act after some time. False positive reports will help them fine-tune heuristics so they won’t cause FPs later.

Heuristics can be a success at some level at catching unknown malware, but it can be a very strong marketing point to fascinate people, as with NOD32 advanced heuristics and Norman Sandbox.

Yeah, well they can since AH and Sandbox are very effective. BitDefender HIVE will work the same way as Sandbox. I had doubts about it and thought it’s only a marketing trick, but it’s not. I had several samples that were detected only by heuristics before anyone else even made signatures.

…more or less because the malware writer did a lousy job in this case.

The main problem with heuristics engines is that they are publicly available. That is, it’s trivial for the virus author to fine-tune his/her masterpiece so that it slips thru. It’s as easy as that, and it’s somehow surprising for me that the punks don’t currently do it so often (at least for the relatively unknown scanners such as nod32).

Otherwise, of course I agree heuristics methods are powerful and we’re definitely taking them seriously. But it’s probably too technical a thing to discuss here - I somehow don’t like the screams for heuristics without deep technical background… :-\

Cheers
Vlk

Yeah, that’s the main reason to use heuristics now. avast! is not as well known as Symantec or McAfee, so there would be a very small chance that virii writers will fine-tune it against avast!. Maybe a more flexible Blocker could do half of this job, but in its current form it simply fails to do anything. And fine-tuning virii to avoid heuristics is a time-consuming thing. Source code for them is not available so you have to test each and every modification. And there is no 100% success rate in this.