Finding the virus, finding the cure

Avast Security Blogger, 18 February 2011

Since the main role of antivirus is, of course, to catch viruses, borrowing computer terminology from the human environment is fitting: a virus spreads from machine to machine, infecting them just like the flu. And just as with influenza or other virus-type diseases, knowing the virus is the first step to a cure.

In the case of computers, it gets slightly complicated, because while nature presents a new influenza subtype about once a year and only now and then does it really get out of hand, virus creators are getting much faster at “turnaround” in their development of new viruses. There are of course many new technologies, defense shields, and detection techniques for stopping the unknown new viruses, but the inherent obstacle they face is a “false positive” – or, in plain language, a clean, legitimate file being declared a “virus.”

Our approach to finding unknown viruses at AVAST Software has been to use the power of our user community. If a user who has consented to be part of the avast! CommunityIQ system runs across a new unknown virus – or a suspiciously behaving piece of code, to be more exact – a sample is automatically sent to our Virus Lab for thorough analysis. If the suspicious item is confirmed to be a virus, its signature is automatically added and distributed to all avast! users. On a daily basis, we get about 13,000 new unique samples from our users: samples of “unknown” viruses against which the avast! community is then protected.

With version 6.0 coming out shortly, the situation will also improve for the “whistleblower” – the first user who finds the new piece of malware. AVAST is the first security company to include virtualization technology in its FREE antivirus solution. But on that subject, you can read more here.