Feeds

AVG finally bothers with behaviour-based defences

And what time do you call this?

The Power of One eBook: Top reasons to choose HP BladeSystem

AVG has belatedly introduced behaviour-based anti-malware protection to its line of paid-for security products.

AVG Internet Security 8.5, released on Monday, adds behaviour-based security technology to existing pattern-based detection. The technology comes from the recent acquisition of Sana Security. Sana's technology will also be available as a standalone product, called AVG Identity Protection, which will be priced at $19.99, and can work with other vendors' anti-virus products.

Many of the leading AV engines have relied for years on generic detection and heuristic technology, which is another way of describing behaviour-based detection, to identify malware. Paul Burke, newly-appointed VP of product management at AVG, said the difference with AVG was that its technology incorporated supplemental analysis and back-end lookups to avoid problems such as false positives.

Blocking malware on the basis of its behaviour, rather than recognising its signature, is a straightforward enough concept but one mired in rival marketing claims that are sometimes difficult to unravel. AVG's use of the term Identity Protection adds reference to a buzz word but boils down to technology that shuts down banking Trojans if any attempt is made to log keystrokes, for example.

AVG Identity Protection gives computer users an additional layer of protection on top of their existing security software. IDP is specifically focused on helping to prevent thieves from using carefully-targeted attacks to steal passwords, bank account details, credit card numbers, and other digital valuables.

It uses a technology called behavioral analysis to make sure all the programs running on a user's computer are operating the way they should. If it spots something suspicious that could indicate an attempted ID theft attack, it shuts that activity down, preventing any possible theft from happening.

AVG quotes a user base of 80m, and though it doesn't say what percentage uses the better-known free version, it's safe to say it's the vast majority. AVG's free product also got a boost with the 8.5 rev of the product, adding safe-surf to existing anti-virus, anti-spyware and safe-searching capabilities.

Both the safe-surf and safe-searching software flow from AVG's acquisition of the Linkscanner technology from Exploit Prevention Labs. LinkScanner Search-Shield, which places safety ratings next to search results, debuted with AVG 8.0 and caused severe problems for webmasters tarnished by AVG's black list.

The LinkScanner Search-Shield component scanned every result on a page returned by a search, using a user agent that was deliberately almost indistinguishable from a surfer visiting a site using Internet Explorer. This "traffic-spewing" behaviour distorted site visitor statistics, especially for sites with high search engine ranking, while simultaneously sucking up extra bandwidth.

AVG responded to criticism by changing the technology so that it didn't pre-scan every page returned by a search query, instead relying on a local blacklist, and pre-fetching and scanning only those links selected by a surfer.

The added safe-surf component, which users of the paid version of the product have enjoyed since last year, brings in-line protection into the mix and because it analyses only sites users are actually about to visit doesn't pose the same potential problems as the unmodified safe-search feature.

In another catch-up development, AVG added centralised anti-spam protection to its small-business targeted Exchange Server product. ®

Designing a Defense for Mobile Applications

More from The Register

next story
Secure microkernel that uses maths to be 'bug free' goes open source
Hacker-repelling, drone-protecting code will soon be yours to tweak as you see fit
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Roll out the welcome mat to hackers and crackers
Security chap pens guide to bug bounty programs that won't fail like Yahoo!'s
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
Researcher sat on critical IE bugs for THREE YEARS
VUPEN waited for Pwn2Own cash while IE's sandbox leaked
Four fake Google haxbots hit YOUR WEBSITE every day
Goog the perfect ruse to slip into SEO orfice
Putin: Crack Tor for me and I'll make you a MILLIONAIRE
Russian Interior Ministry offers big pile o' roubles for busting pro-privacy browser
prev story

Whitepapers

Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Seven Steps to Software Security
Seven practical steps you can begin to take today to secure your applications and prevent the damages a successful cyber-attack can cause.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.