Feeds

AVG finally bothers with behaviour-based defences

And what time do you call this?

The Essential Guide to IT Transformation

AVG has belatedly introduced behaviour-based anti-malware protection to its line of paid-for security products.

AVG Internet Security 8.5, released on Monday, adds behaviour-based security technology to existing pattern-based detection. The technology comes from the recent acquisition of Sana Security. Sana's technology will also be available as a standalone product, called AVG Identity Protection, which will be priced at $19.99, and can work with other vendors' anti-virus products.

Many of the leading AV engines have relied for years on generic detection and heuristic technology, which is another way of describing behaviour-based detection, to identify malware. Paul Burke, newly-appointed VP of product management at AVG, said the difference with AVG was that its technology incorporated supplemental analysis and back-end lookups to avoid problems such as false positives.

Blocking malware on the basis of its behaviour, rather than recognising its signature, is a straightforward enough concept but one mired in rival marketing claims that are sometimes difficult to unravel. AVG's use of the term Identity Protection adds reference to a buzz word but boils down to technology that shuts down banking Trojans if any attempt is made to log keystrokes, for example.

AVG Identity Protection gives computer users an additional layer of protection on top of their existing security software. IDP is specifically focused on helping to prevent thieves from using carefully-targeted attacks to steal passwords, bank account details, credit card numbers, and other digital valuables.

It uses a technology called behavioral analysis to make sure all the programs running on a user's computer are operating the way they should. If it spots something suspicious that could indicate an attempted ID theft attack, it shuts that activity down, preventing any possible theft from happening.

AVG quotes a user base of 80m, and though it doesn't say what percentage uses the better-known free version, it's safe to say it's the vast majority. AVG's free product also got a boost with the 8.5 rev of the product, adding safe-surf to existing anti-virus, anti-spyware and safe-searching capabilities.

Both the safe-surf and safe-searching software flow from AVG's acquisition of the Linkscanner technology from Exploit Prevention Labs. LinkScanner Search-Shield, which places safety ratings next to search results, debuted with AVG 8.0 and caused severe problems for webmasters tarnished by AVG's black list.

The LinkScanner Search-Shield component scanned every result on a page returned by a search, using a user agent that was deliberately almost indistinguishable from a surfer visiting a site using Internet Explorer. This "traffic-spewing" behaviour distorted site visitor statistics, especially for sites with high search engine ranking, while simultaneously sucking up extra bandwidth.

AVG responded to criticism by changing the technology so that it didn't pre-scan every page returned by a search query, instead relying on a local blacklist, and pre-fetching and scanning only those links selected by a surfer.

The added safe-surf component, which users of the paid version of the product have enjoyed since last year, brings in-line protection into the mix and because it analyses only sites users are actually about to visit doesn't pose the same potential problems as the unmodified safe-search feature.

In another catch-up development, AVG added centralised anti-spam protection to its small-business targeted Exchange Server product. ®

Build a business case: developing custom apps

More from The Register

next story
14 antivirus apps found to have security problems
Vendors just don't care, says researcher, after finding basic boo-boos in security software
'Things' on the Internet-of-things have 25 vulnerabilities apiece
Leaking sprinklers, overheated thermostats and picked locks all online
iWallet: No BONKING PLEASE, we're Apple
BLE-ding iPhones, not NFC bonkers, will drive trend - marketeers
Only '3% of web servers in top corps' fully fixed after Heartbleed snafu
Just slapping a patched OpenSSL on a machine ain't going to cut it, we're told
Multipath TCP speeds up the internet so much that security breaks
Black Hat research says proposed protocol will bork network probes, flummox firewalls
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Israel's Iron Dome missile tech stolen by Chinese hackers
Corporate raiders Comment Crew fingered for attacks
Tor attack nodes RIPPED MASKS off users for 6 MONTHS
Traffic confirmation attack bared users' privates - but to whom?
Roll out the welcome mat to hackers and crackers
Security chap pens guide to bug bounty programs that won't fail like Yahoo!'s
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
The Essential Guide to IT Transformation
ServiceNow discusses three IT transformations that can help CIO's automate IT services to transform IT and the enterprise.
Maximize storage efficiency across the enterprise
The HP StoreOnce backup solution offers highly flexible, centrally managed, and highly efficient data protection for any enterprise.