

February 18th, 2011

Finding the virus, finding the cure

Since the main role of antivirus is, of course, to catch viruses, borrowing computer terminology from the human environment is fitting: a virus spreads from machine to machine, infecting them just like the flu. And just as in the case of influenza or other virus-type diseases, knowing the virus is the first step to a cure.

In the case of computers, it gets slightly complicated, because while nature presents a new influenza subtype about once a year and only now and then does it really get out of hand, virus creators are getting much faster at “turnaround” in their development of new viruses. There are of course many new technologies, defense shields, and detection techniques for stopping the unknown new viruses, but the inherent obstacle they face is a “false positive” – or, in plain language, a clean, legitimate file being declared a “virus.”

The way we have approached finding unknown viruses at AVAST Software has been to use the power of our user community. If a particular user, after giving consent to be part of the avast! CommunityIQ system, runs across a new unknown virus – or a suspiciously behaving piece of code, to be more exact – its sample is automatically sent to our Virus Lab for thorough analysis. If the suspicious item is confirmed to be a virus, its signature is automatically added and distributed to all avast! users. On a daily basis, we get about 13,000 new unique samples from our users – samples of “unknown” viruses against which the avast! community is then protected.

With version 6.0 coming out shortly, the situation will also improve for the “whistleblower” – the first user who finds the new piece of malware. AVAST is the first security company to include virtualization technology into its FREE antivirus solution. But on that subject, you can read more here.

  • http://www.rejzor.tk RejZoR

    There is just one thing that is bothering me. They all say the same thing as mentioned here. And they make a big deal out of it with cloud based antiviruses.
    They always mention that if you detect something, everyone else detects it as well based on your “detection”. I find that a bit ridiculous. If my client detected it, this means that every other should do the same. So what’s the point in these so-called community-like detections?

    It would only make sense if these submitted samples are immediately processed and new heuristic and behavior detection rules based on findings are issued to the clients every 24 hours, or more frequently if you want.
    This way detection would in fact really evolve with every detection, just like our immune system does. It’s learning by itself and evolving, where computer antiviruses are dumb and static immune systems that have some form of learning which is based on analysts’ knowledge. If you can get this process fully or at least partially automated you have won half of the battle really.

  • 12-es_csaj

    “AVAST is the first security company to include virtualization technology into its FREE antivirus solution.” – Unfortunately, not. The first was COMODO.
    But it’s important to note that avast! was the first in lots of features. But AutoSandbox… the second.

  • LorenzoC

    RejZoR, you forgot an important thing: our immune system fails when it meets really new aggressors. In that case most people simply die. Those who survive have some random genetic mutation that enables them to better resist/react to the aggressor. They reproduce, transmitting the mutation to their children, and in some generations most people get resistant to that disease. In the case of computers you have neither the option to have most destroyed nor the genetic mutations (computers are all the same). So basically they don’t compare.
    There are other differences, like our body is much more redundant than computers. You can halt the system by deleting or moving a single system file while our body can have million cells destroyed without even notice. This means while our immune system can destroy anything that looks “suspicious”, computer antivirus must be extra careful of “false positives”. Same goes if you consider that a failure in detection by the antivirus is spread to million clients, while each of our bodies is completely autonomous.
    Finally, the level of sophistication of biological systems is much much higher than any machine we can even imagine.

  • Fernando Gregoire

    I didn’t understand what the bonus is for the first user that detects a suspicious code that is a virus to be added to the virus signatures.

  • GloobyGoob

    @12-es_csaj

    Actually, it says avast is the first to offer automatic VIRTUALIZATION technology. Comodo’s automatic sandboxing does not virtualize applications/files, it drops their rights. Only their manual sandbox can virtualize. Avast virtualizes with both modules.

  • http://www.evangelizzazioneattiva.info/ The_Blinded

    @GloobyGoob
    What is the difference between sandboxing and virtualize?
    That is, what is the difference between the two solutions? (Avast and Comodo)

  • GloobyGoob

    @The_Blinded
    Their automatic sandboxes work differently. Comodo’s automatic sandboxing drops program rights. Avast AutoSandbox virtualizes applications (which is what a sandbox should do)

  • José Antônio das Neves Colhado

    I am a new AVAST user, but from what I have already seen and what my friends have told me, I am happy with the value we are given as users and the protection we are provided. THANK YOU

  • Tech

    It’s not clear if all files detected as suspicious are submitted to avast labs.
    Can you confirm?

  • Milos Korenko

    @Tech
    Absolute statements are catchy ;o) but yes I guess it is every suspicious file. I will double check it just in case. I’d also like to have the statistics on submitted files from CommunityIQ, Virus Total and other sources available on our community page together with stats on confirmed viruses. It should give a good picture of what is happening and what volume is getting in.

  • Tech

    Thanks Milos, go ahead. The statistics will be a good picture of the situation and will show the community how important it is.