Mai multe pe blogul avast! antivirus

Hi guys,

I’m glad to announce the general availability of avast 5.1. After almost a month-long beta testing marathon (and 3 beta refreshes just in the last 24 hours), I sincerely hope this new version will serve you well. Even though avast 6.0, equipped with even more features, is coming relatively soon, v5.1 is still a very important update for us. Most of the new good stuff is hidden under the hood.

The most notable improvements are:
- boot-time scanner now available even in 64-bit Windows
- big improvements in the Behavior Shield
- improvements in the antirootkit engine
- improvements in the cleaning module
- stability/performance improvements in the Web Shield
- CommunityIQ improvements
- added support for sound packs
- minor improvements in the user interface
- minor fixes in the firewall

Source: http://forum.avast.com/index.php?topic=68564

* solved a problem that could lead to disappearing of the avast service
* Behavior Shield: solved a minor stability issue (aswSP.sys) + solved a Win7 issue
* performance and stability improvements in the avast! sandbox
* changes in the engine allowing us to generically detect/block some new types of exploits
* speed improvements in the updater
* IS: fixed a vulnerability in aswFw.sys (Secunia Advisory SA40868)
* solved a vulnerability related to license files (Secunia Advisory SA41109)
* solved a problem with scanning of files with very long path names
* fixed the updater in East-Asian versions of avast running with Windows set to a different locale
* IS: improvements in the Outlook antispam plugin
* IS firewall: improvement in the path name matching
* IS: upgraded to the new version of antispam engine
* minor changes and fixes in the GUI
* fixes in the screen reader support
* fixed a bug where the File System Shield was scanning some files even after being disabled
* added trimming of setup.log
* added Danish, Hebrew and Urdu language packs

Mai multe detalii pe site-ul oficial Avast Antivirus

Ever since its inception years, avast! Antivirus has continually grown to its present reputation of reliable antivirus and, more importantly, one of the most complete free security pieces on the market. The differences between the freebie and the paid version of the product are few and, for some users, insignificant.

Working on the improvement of all the products by adding new components and perfecting technology, avast! has made its way among the top dogs of the industry. Moreover, its user base is on an ascending path, despite the fact that the latest version of the free product has not been adopted by all avast! users just yet.

ALWIL Chief Technology Officer Ondrej Vlcek was kind enough to answer some questions about the company and its most demanded product, the free antivirus. The questions cover product and technology-related issues and are revealing of ALWIL’s constant uptrend and future plans.

Softpedia: avast! offers by far the most complete, feature-wise, free antivirus solution on the market today. Some people question the profitability of this business model, and claim that users of free versions are rarely interested in upgrading. Can you estimate a conversion to paying customers rate for your free product?

Ondrej Vlcek: While we don’t disclose the exact numbers, I can say that the actual percentage of people who upgrade to the paid product is in low single digits. These numbers significantly differ country by country; the conversion rates in the English speaking countries are typically the highest.

Softpedia: To our knowledge, avast! is the only free antivirus product to feature behavior-based detection. From our experience, such a component can be instrumental in catching complex trojans like ZeuS or Clampi, which are constantly modified to evade traditional signature-based or even heuristic detection. Do you think avast!’s Behavior Shield gives it an edge over the competition in this respect?

Ondrej Vlcek: The Behavior Shield that we shipped in version 5.0 is a new component that is going to be further developed moving forward. For example, in version 5.1, we will be adding more sensors that will allow for even finer-grain filtering.

For now, the Behavior Shield is focused on exploits coming via typical mechanisms (browser, PDF reader, and flash vulnerabilities, for example). It also closely monitors all kernel-mode code (drivers) loaded into the operating system, and is able to detect zero-day rootkits.

Softpedia: Avira recently claimed an over 145 million user base. We know that avast! celebrated reaching 100 million registered users back in December. Can you reveal what the figure is right now and can you estimate how much, percentage-wise, has version 5 of avast! Free Antivirus contributed to your user base growth?

Ondrej Vlcek: First, when talking about the size of the user base, one should make it clear what the numbers actually mean. In avast!, we use two metrics. One is the number of registered users (the free version of avast needs to be registered in order to work) and this number is currently about 110 million. Second is the number of active users. This means the number of machines that actually go out and download a definition update at least once during a given period of time (e.g. one month). In case of avast, this second number is currently something below 100 million. This may not sound so big but if you think about it, this equals to some 15-20% of all consumer PCs in the world (depending on which numbers you believe).

AVG’s numbers are similar. I don’t quite trust the Avira’s numbers as they seem to be inconsistent. In any case, we can assume that the free products are used by some 300-350 million users worldwide, and that’s a huge number. I think the traditional vendors haven’t quite realized yet that the market has really started to lean towards the free products.

But to answer the original question, as of April 2010, about 2/3 of our user base is still running the 4.8 version. Unlike the other vendors, we don’t rush upgrading our users. We expect the upgrade campaign to last at least till autumn.

Softpedia: The difference between the Free and Pro versions of avast! Antivirus, as far as included technologies go, is the Sandbox and the Script Shield components. Can you explain in more detail how these features work and why a user would pay almost 35 Euros ($48) to have them?

Ondrej Vlcek: We recently did a survey among our users who decided to upgrade to the paid product, and the results were quite interesting. About one third of the users upgraded because they just felt like paying us some money (after a year or two of using the free product). And another third upgraded because they were convinced the paid product would provide better protection (without actually studying what were the technical differences).

In any case, we now position the Pro Antivirus as a product for advanced users. The mainstream paid product is now the Internet Security Suite (which also includes a silent firewall and an antispam), and indeed, roughly 75% of our users are now upgrading to the Suite (and only 25% to the Pro AV).

Softpedia: Cloud-computing-assisted malware scanning is a technology some vendors are adopting in order to develop AV applications with improved performance. Is ALWIL considering a similar direction for its future products?

Ondrej Vlcek: Yes, I can confirm that we are working on certain protection features that will actively work with our backend servers (as opposed to passive updates). I’m not a big fan of the term cloud though – I think many people use it in many different contexts, but most users don’t really understand the meaning or the benefits.

Certain problems can be solved more efficiently by means of real-time communication with the backend servers, although by far not all – so we certainly don’t want to use it for things that are better accomplished locally. We will be publishing more details on this in the upcoming months.

Softpedia: We know that users of avast! Antivirus contribute to a community-based malware intelligence gathering effort, called Community IQ. Can you explain what kind of suspicious samples are collected through this component? Is this limited to suspicious PE files or are other potentially malicious files, such as PDFs, also included?

Ondrej Vlcek: In the current implementation, the only files that are gathered are indeed binary/executable (PE) files. These are accompanied by additional context information though, such as the originating URL, parent/child processes etc.

Softpedia: To what extent has the distribution of Google Chrome participated in the development of the free product? Is it a source of steady income that also partially funds the development of your paid products?

Ondrej Vlcek: The main purpose of the Google Chrome distribution deal was not to bring us revenue. As you may remember, avast! is now being distributed as part of the Google Pack (European version only, at least for now) and these two deals were signed at the same time. We’re quite proud of partnering with Google – very few companies managed to establish a similar relationship with them, and there is definitely some potential here.

Softpedia: In our latest testing, we witnessed avast! 5’s amazing scan speed. Could you elaborate on the underpinning leading to such performance?

Ondrej Vlcek: There are many significant changes in the v5 engine, and many of them are performance related. Without going into too much detail, there are two main reasons for the increased performance: we scan fewer files, and those that we scan are processed faster.

Scanning fewer files is accomplished by means of the persistent cache, a feature that allows us to never scan files that are trusted (unless they change, of course). Faster scanning is achieved by a number of optimizations – taking advantage of all CPU cores, for example. As a matter of fact, we partnered with Intel and spent quite some time with their performance engineers, coming up with some neat tricks.

On the other hand, if you’re referring to the recent detection test, I’d say it’s a bit unfair to judge the performance of a product by its scan time on a set of malware. Normally, you only measure scan speeds on the clean sets as that’s what most users actually have (hopefully!). The reason for this is that in case of many AV products, whenever a virus is detected, additional tasks are taking place.

Softpedia: The online scanner has been around for some time now. Would you comment on its popularity among users?

Ondrej Vlcek: The online scanner is outdated now – it was never a full blown scanner, just a handy tool to scan a single file. And with online services like VirusTotal or Jotti available for some time now, we feel that the usefulness of this tool is very limited.

Softpedia: Is ALWIL ready to follow the model of so many antivirus developers and acquire technologies from other security companies?

Ondrej Vlcek: We’ve always considered ourselves as a technology company. We’re proud that over half of our organization is still made up of highly technical people – programmers, virus analysts etc.

To that end, we always felt that developing things in-house will give us ultimate control over the quality of our product. This is not to say that there won’t be any acquisitions, it’s just that so far, in-house development has worked better for us.

Softpedia: Has your company turned down any offers to license avast! Antivirus engine to third parties?

Ondrej Vlcek: Absolutely. We are getting such offers pretty much all the time. We generally turn them down as we don’t feel having even more players on the already crowded battlefield would be a meaningful thing to do. If you look at the latest Virus Bulletin comparative test, you will notice that there were roughly 60 (!) products there… this is ridiculous, given the number of the actual engines.

Softpedia: Every company looks to expand its activity. Is the development of other standalone utilities such as a standalone firewall or system cleaning utilities pinned in ALWIL’s future plans?

Ondrej Vlcek: The primary focus is the anti-virus, and that’s how it’s going to be in the foreseeable future. We’re obviously developing other smaller components but I don’t see them being sold as standalone products.

Antivirus is what we have been doing for the last 20 years, and that’s what we’re focusing on.

One of the great new features of avast 5 is the persistent cache, a mechanism which allows us to skip rescanning of certain files. In particular, this applies to files which are on our internal whitelists, as well as files which are digitally signed by trusted publishers (we maintain a relatively short list of software publishers that we trust, and we consider any files produced and digitally signed by these publishers as safe).

Previously, we were using the crypto services provided by the operating system (called “wintrust”) to do the actual verification of the digital signatures. We knew this wasn’t ideal though – especially because we realized that in case the underlying system was somehow compromised, any such system API could already be redirected/hijacked by malware and so trusting it was not 100% bulletproof. For this reason, we have been working on our own implementation of the signature verifier. What seemed like an easy task in the beginning actually turned out to be a fairly large project with tens of thousands of lines of code, and many months of work.

The works on this were finished about a month ago, and after some additional reliability testing, we finally released it to the public as part of the April 19th definition update (last Monday). What’s interesting that this change brought us not only increased reliability (the reason why we decided to implement it in the first place), but also significant performance gain. On our test system (a Dell workstation with an Intel Core i7 CPU, 4GB RAM and Windows 7) the duration of the Full System Scan time suddenly went from 39:35 to 16:03 – meaning almost 2.5x speedup!

We haven’t really done a full analysis of what’s actually causing this, but our current hypothesis is that the performance gain is related to checking of the signature catalogs. It is possible that the Wintrust APIs reopen/reread the catalogs every time a file is checked, whereas our implementation only reads them once and keeps them cached in memory for the whole duration of the scan.

Now, this by itself raised a lot of interest in exploring if things could be improved even more. So we revisited the verification code once more, and found out that the code spends most of the time in a function that is responsible for the calculation of SHA-1 hashes. This is no surprise, as pretty much all signing certificates are currently based on the SHA-1 algorithm, and the actual hashing is the most expensive part of the verification process.

So the next logical step was to optimize our implementation of she SHA-1 algorithm. Interestingly enough, one of the engineers on the Intel performance team recently published a nice article describing the possibilities to speed up SHA-1 by means of the SSE2 instructions added in the Pentium 4 processor. Using these ideas, we were able to further optimize the code so that it ran about 30% faster (especially on the latest Core 2 and i7 CPUs).

While doing all these tests, we also noticed one strange thing: the Full System Scan ran pretty much the same time during the first and all subsequent runs. It was not supposed to be like this though – the persistent cache was supposed to let the 2nd and all subsequent scans run faster. Not so dramatically as the Quick Scan (as the Full System Scan is set up so that it does not trust the persistent cache by default), but still quite significantly as we weren’t supposed to be verifying the digital signatures of files during these repeated scans. So we reviewed the relevant code, and were quite surprised to find out that the verification task was indeed performed every time, not just in the first pass. Fixing this (in the yesterday’s engine update, April 24th), we were able to cut down the scan time on that reference machine down to mere 6 minutes 54 seconds – which translates to almost 6x speedup (with no effect on dection rates, of course)!

For us, this was a great exercise which showed the beauty of software engineering. Sometimes, if you try really hard, you can make a heck of a difference.

By the way, I encourage you to run a Full System Scan and report your findings here in the Comments section below. Of course, your mileage may vary (it all depends on your hardware configuration, but generally the higher-end hardware, the more significant speedups you should expect) but we expect that at least 2-3x speedup should be measurable on pretty much all systems. Also, please keep in mind that the first scan is supposed to take significantly longer so if you have never ran a Full System Scan yet, it’s good to run it twice and compare the results.

Tip: to make the Full System Scan even faster, configure it to actually take advantage of the persistent cache. To do this, open the Full System Scan details, click the Settings button and check the box “Speed up scanning by using the persistent cache” on the Performance page.

Source: http://blog.avast.com/2010/04/25/how-to-make-the-full-system-scan-6x-faster-in-10-days/

Pentru mai multe detalii va invitam sa cititi revista CHIP editia Aprilie 2010.

Having over 100 million users has its downside—it means that users searching for Avast are also a prime target of scammers as well as legitimate companies trying to piggy-back on our name recognition. Every day we receive complaints from people that have been scammed. Some have been scammed into paying to download a free copy of Avast. Others have been tricked into buying a product they thought was Avast but was not. This happens in many different ways but at the core is the greatest scourge of the internet—socially engineered scams and deceptions. Thieves and even legitimate companies are masters at taking advantage of people’s natural penchant to trust others. Some scams are quite blatant and most of us would consider them theft or cheating. Others are much less obvious and may even be considered zealous marketing and selling. One finds such deceptions in search results, on download sites, and even in internet domain names.

More on Avast Blog