
February 18th, 2011

Finding the virus, finding the cure

The main role of antivirus is, of course, to catch viruses, so borrowing computer terminology from the human environment is fitting: a virus spreads from machine to machine, infecting them just like a flu. And just like in the case of influenza or other virus-type diseases, knowing the virus is the first step to a cure.

In the case of computers, it gets slightly complicated, because while nature presents a new influenza subtype about once a year and only now and then does it really get out of hand, virus creators are getting much faster at “turnaround” in their development of new viruses. There are of course many new technologies, defense shields, and detection techniques for stopping the unknown new viruses, but the inherent obstacle they face is a “false positive” – or, in plain language, a clean, legitimate file being declared a “virus.”

At AVAST Software, our approach to finding unknown viruses has been to use the power of our user community. If a particular user, after giving consent to be part of the avast! CommunityIQ system, runs across a new unknown virus – or a suspiciously behaving piece of code, to be more exact – its sample is automatically sent to our Virus Lab for thorough analysis. If the suspicious item is confirmed to be a virus, its signature is automatically added and distributed to all avast! users. On a daily basis, we get about 13,000 new unique samples from our users – samples of “unknown” viruses against which the avast! community is then protected.

With version 6.0 coming out shortly, the situation will also improve for the “whistleblower” – the first user who finds the new piece of malware. AVAST is the first security company to include virtualization technology into its FREE antivirus solution. But on that subject, you can read more here.

  1. February 18th, 2011 at 19:20 | #1

    There is just one thing that is bothering me. They all say the same thing as mentioned here. And they make a big deal out of it with cloud based antiviruses.
    They always mention that if you detect something, everyone else detects it as well based on your “detection”. I find that a bit ridiculous. If my client detected it, this means that every other should do the same. So what’s the point in these so-called community-like detections?

    It would only make sense if these submitted samples are immediately processed and new heuristic and behavior detection rules based on findings are issued to the clients every 24 hours or if you want more frequent.
    This way detection would in fact really evolve with every detection, just like our immune system does. It’s learning by itself and evolving where computer antiviruses are dumb and static immune systems that have some form of learning which is based from analysts knowledge. If you can get this process fully or at least partially automated you have won half of the battle really.

  2. 12-es_csaj
    February 18th, 2011 at 20:09 | #2

    “AVAST is the first security company to include virtualization technology into its FREE antivirus solution.” – Unfortunately, not. The first was COMODO.
    But it’s important to note that avast! was the first in lots of features. But AutoSandbox… the second.

  3. LorenzoC
    February 18th, 2011 at 21:57 | #3

    RejZoR, you forgot an important thing: our immune system fails when it meets really new aggressors. In that case most people simply die. Those who survive have some random genetic mutation that enables them to better resist/react to the aggressor. They reproduce transmitting the mutation to their children and in some generations most people get resistant to that disease. In case of computers you don’t have either the option to have most destroyed either the genetic mutations (computers are all the same). So basically they don’t compare.
    There are other differences, like our body is much more redundant than computers. You can halt the system by deleting or moving a single system file while our body can have million cells destroyed without even notice. This means while our immune system can destroy anything that looks “suspicious”, computer antivirus must be extra careful of “false positives”. Same goes if you consider that a failure in detection by the antivirus is spread to million clients, while each of our bodies is completely autonomous.
    Finally, the level of sophistication of biological systems is much much higher than any machine we can even imagine.

  4. Fernando Gregoire
    February 19th, 2011 at 00:55 | #4

    I didn’t understand what is the bonus for the first user that detects a suspicious code that is a virus to be added to the virus signatures.

  5. GloobyGoob
    February 19th, 2011 at 01:18 | #5


    Actually, it says avast is the first to offer automatic VIRTUALIZATION technology. Comodo’s automatic sandboxing does not virtualize applications/files, it drops their rights. Only their manual sandbox can virtualize. Avast virtualizes with both modules.

  6. February 19th, 2011 at 12:17 | #6

    What is the difference between sandboxing and virtualizing?
    That is, what is the difference between the two solutions? (Avast and Comodo)

  7. GloobyGoob
    February 20th, 2011 at 23:43 | #7

    Their automatic sandboxes work differently. Comodo’s automatic sandboxing drops program rights. Avast AutoSandbox virtualizes applications (which is what a sandbox should do)

  8. February 25th, 2011 at 15:16 | #8

    Thanks :-)

  9. José Antônio das Neves Colhado
    February 25th, 2011 at 17:06 | #9

    I am a new AVAST user, but from what I have already seen and what my friends have told me, I am happy with the value we are given as users and the protection that is provided to us. THANK YOU

  10. Tech
    February 25th, 2011 at 18:00 | #10

    It’s not clear if all files detected as suspicious are submitted to avast labs.
    Can you confirm?

  11. Milos Korenko
    February 25th, 2011 at 19:08 | #11

    Absolute statements are catchy ;o) but yes I guess it is every suspicious file. I will double check it just in case. I’d also like to have the statistics on submitted files from CommunityIQ, Virus Total and other sources available on our community page together with stats on confirmed viruses. It should give a good picture of what is happening and what volume is getting in.

  12. Tech
    February 25th, 2011 at 20:56 | #12

    Thanks Milos, go ahead. The statistics will be a good picture of the situation and will show the community how important it is.
