This is the second time this has happened…Last time Vlk had valid explaination of cloud stability issues affecting avast scores.What happened here this time I was expecting the usual 4.5/5.0 or even better scores.
http://www.av-test.org/en/tests/home-user/windows-7/janfeb-2014/
Anyone from avast! team can shed light on this topic please?
Well, even though last time Vlk explained it, i found that even more concerning actually. A protection so dramatically affected by the cloud problems and what’s worst about it, user has no clue it is happening in the background. You expect some subsystem to give you superior protection, but you don’t even know it’s actually not operational. And that i find as a huge problem. I don’t know how long their problems lasted or how big they were, but if they were big enough to affect the test results, they are concerning for me as well.
Rejzor,it is no surprise with the amount of malware coming everyday any AV will suffer without cloud modules.Forgot Avira scores few months/years back without the cloud stuff.
There is no such backend server that can keep up with everything,so even evo-gen also had to go behind with no suprise.
Rejzor,I still test avast very little sometimes and with no doubt evo-gen and other modules are still on the radar.They still detect quite a lot of malware.
Remember,if you extract samples with avast on evo-gen is going to pick up on them during extraction and then no evo-gen on execution still evo-gen is pretty effective.
People fail to understand that now evo-gen is more embedded into on-access scanning system and no more to on-execution.I am sure the offline system will get stronger with dyna-gen and DBT (Already under development).
No wonder Naren and I had weird problems with the cloud detections…Thanks avast! team for the explaination over here:
http://forum.avast.com/index.php?topic=147986.msg1075601#msg1075601
Looking forward to much better protection in upcoming months.
True Indian, what do you mean with DBT?
Dynamic Binary translation…
Okay.
I cant wait to check that out. Also Dyna-Gen will be fun to test out. 
DBT is already being used…detections come with the name Sf as initial…They are still bettering it though…
DBT sigs look like this:
Sf:Zbot-A[Trj]
They are adding a few of these everyday check the virus update history.
Remember,these detections come from deepscreen module.
Steven, see: http://forum.avast.com/index.php?msg=1060172
Okay.
One more thing learned today.
But i think it will getter over time. Deepscreen got better over the newer versions. But there is still a lot of work
to do.
Sf detections have been added since several years ago, since the launch of the v5 if I remembered correctly.
And Sf are also detected via normal scanning, at least I saw it around 2011 during malware testing.
So I consider Sf detection are based on Code Emulator. Of course, integration of dynamic binary translation into code emulator is the most probable.
Then how come Panda Cloud Free scores fantastic results every single time in tests? It’s also heavily dependent on cloud, yet it works perfectly. It was also among the very best in the latest AV-Test.
No,since v5 they were there but not added so often as now and they werent active as of now what avast blog article tells me is safemachine 2 has been launched couple years back so I am guessing its from v6 and they were working on it since then.
I have seen Sf detections from the avast deepscreen module and that is the reason I am confident its that.Plus,3 or 4 years back I never saw it in the sandbox neither it came in vps update history and it came very rarely.
Read: https://blog.avast.com/2014/02/07/research-buzz-undercover-technology/
This technology was fired up only in the start of this year and they are bettering it since then.Although Sf has been there even before it was very basic and very rarely added detection.Since end of feb I am seeing in every alternate VPS.
Rej,Panda is a full cloud AV.There is a difference when you are exclusively working on 1 technology and plus I am sure they have more attention to their cloud whereas avast has to see both home-made as well as cloud and also develop new protection modules.
True Indian, I respect your poised opinion. But which of the new technologies are working OK in Avast , not buggy and unstable at times. Yes, other vendors also introduce new technologies but not at the expense of bugs and instability. And now this back-end issue that seems to have been present about 2 months without the user being aware - what is worse - the results in a test like AV (which I consider a joke, especially the performance part) or the false sense of security in users, thinking that everything in their AV is working as it should, the green tick is there, you are protected.
Does it? Panda Cloud is NOT just cloud AV. They also cache local definitions, they also offer local behavior analyzer and blocker.
I’ve noticed a trend with avast! where they have bunch of really awesome ideas all the time, but they rarely make them useful in the end. Or they don’t appear so to the end user. Behavior Shield. We thought we’d finally see behavior blocker in avast!. And it turned out to do exactly nothing at all. Autosandbox when it was introduced, didn’t yield much results and hardly anyone has ever seen it detect anything. Then it was a brief time of awesome sightings of Autosandbox detections for like 1 month and then it all went silent. DeepScreen was introduced and since it’s introduction, just like with Autosandbox, we haven’t seen much of it’s detections. A lot of “Analyzing” popups and hardly any detection. Then there were several upgrades with hardly any effects. Their statistics may say otherwise, but seeing it work in the wild is another thing. Only thing that actually seems to work is Evo-Gen. I just don’t understand what’s going on in there. What’s the cause of all the bright ideas to never function in real world. Or i just set the expectations too high. But then again i had the same expectations for Bitdefender and Kaspersky and look where they are constantly in the tests…
Perhaps the results would be different if the ‘Sensitivity’ was high. I think AV-Test uses the default settings. Even the on demand avast scan.
Yes, more and more Sf detections are added recently. Back on 2011 they were added once in a month or less.
But it does not mean it was not working at that time… see the Virustotal results back in 2011, they detected “Sf:Mystic [Cryp]” as avast5 detection (although its version is already 6 at that time).
This is what I saw during these times. There was no DeepScreen back then.
I checked my old malware samples and yes, I sent some samples detected as “Sf:Mystic” to avast lab in Jan 2011.
https://www.virustotal.com/file/2bddc8f914d99e7a3e73896a93b848024704fea8873a740e9cbc37f7a13c8ed2/analysis/1316908834/
https://www.virustotal.com/file/a7b550e521bf41d4acb445aaaca9a93d0c4bb1784be55cd2eb4ab02361db1292/analysis/1310784766/
I can tell you that it wouldn’t. I’m not even sure if sensitivity levels even do anything. There were supposedly differences, but i frankly could never see them.
IMHO, they are focused on other software items to generate $$$ and not keeping eye on the A/V ball.
Frankly, I do Custom Install and uncheck all but the shields.
The virtualization driver for Sandbox “appears” to cause BSODs.
AOS is still limping along.
Don’t get me started on GrimeFighter.
I think the “developers” have posted loudly this is not their decision but managements.
I think “management” is going down the Symantec path which IHMO is offering nothing…especially to pay for…and diluting what they are good at and during which diminishing the Avast “brand”.
Wonder if there is “new” management within Avast…or worse…they hired some consulting firm to “help” them guide the biz.
Hope they figure this out before they spiral too far down the rabbit hole.
Well, the CEO no doubt trod that path while a VP at Symantec.
“New” since when? There may be a cause/effect relationship between this trend and the hiring of a former Symantec Sales exec as CEO. Or it may just be a positive correlation with no causal implications …