Feeds

AVG finally bothers with behaviour-based defences

And what time do you call this?

Reducing security risks from open source software

AVG has belatedly introduced behaviour-based anti-malware protection to its line of paid-for security products.

AVG Internet Security 8.5, released on Monday, adds behaviour-based security technology to existing pattern-based detection. The technology comes from the recent acquisition of Sana Security. Sana's technology will also be available as a standalone product, called AVG Identity Protection, which will be priced at $19.99, and can work with other vendors' anti-virus products.

Many of the leading AV engines have relied for years on generic detection and heuristic technology, which is another way of describing behaviour-based detection, to identify malware. Paul Burke, newly-appointed VP of product management at AVG, said the difference with AVG was that its technology incorporated supplemental analysis and back-end lookups to avoid problems such as false positives.

Blocking malware on the basis of its behaviour, rather than recognising its signature, is a straightforward enough concept but one mired in rival marketing claims that are sometimes difficult to unravel. AVG's use of the term Identity Protection adds reference to a buzz word but boils down to technology that shuts down banking Trojans if any attempt is made to log keystrokes, for example.

AVG Identity Protection gives computer users an additional layer of protection on top of their existing security software. IDP is specifically focused on helping to prevent thieves from using carefully-targeted attacks to steal passwords, bank account details, credit card numbers, and other digital valuables.

It uses a technology called behavioral analysis to make sure all the programs running on a user's computer are operating the way they should. If it spots something suspicious that could indicate an attempted ID theft attack, it shuts that activity down, preventing any possible theft from happening.

AVG quotes a user base of 80m, and though it doesn't say what percentage uses the better-known free version, it's safe to say it's the vast majority. AVG's free product also got a boost with the 8.5 rev of the product, adding safe-surf to existing anti-virus, anti-spyware and safe-searching capabilities.

Both the safe-surf and safe-searching software flow from AVG's acquisition of the Linkscanner technology from Exploit Prevention Labs. LinkScanner Search-Shield, which places safety ratings next to search results, debuted with AVG 8.0 and caused severe problems for webmasters tarnished by AVG's black list.

The LinkScanner Search-Shield component scanned every result on a page returned by a search, using a user agent that was deliberately almost indistinguishable from a surfer visiting a site using Internet Explorer. This "traffic-spewing" behaviour distorted site visitor statistics, especially for sites with high search engine ranking, while simultaneously sucking up extra bandwidth.

AVG responded to criticism by changing the technology so that it didn't pre-scan every page returned by a search query, instead relying on a local blacklist, and pre-fetching and scanning only those links selected by a surfer.

The added safe-surf component, which users of the paid version of the product have enjoyed since last year, brings in-line protection into the mix and because it analyses only sites users are actually about to visit doesn't pose the same potential problems as the unmodified safe-search feature.

In another catch-up development, AVG added centralised anti-spam protection to its small-business targeted Exchange Server product. ®

Mobile application security vulnerability report

More from The Register

next story
LibreSSL RNG bug fix: What's all the forking fuss about, ask devs
Blow to bit-spitter 'tis but a flesh wound, claim team
Microsoft: You NEED bad passwords and should re-use them a lot
Dirty QWERTY a perfect P@ssword1 for garbage websites
Manic malware Mayhem spreads through Linux, FreeBSD web servers
And how Google could cripple infection rate in a second
NUDE SNAPS AGENCY: NSA bods love 'showing off your saucy selfies'
Swapping other people's sexts is a fringe benefit, says Snowden
Own a Cisco modem or wireless gateway? It might be owned by someone else, too
Remote code exec in HTTP server hands kit to bad guys
British data cops: We need greater powers and more money
You want data butt kicking, we need bigger boots - ICO
Crooks fling banking Trojan at Japanese smut site fans
Wait - they're doing online banking with an unpatched Windows PC?
NIST told to grow a pair and kick NSA to the curb
Lrn2crypto, oversight panel tells US govt's algorithm bods
prev story

Whitepapers

Top three mobile application threats
Prevent sensitive data leakage over insecure channels or stolen mobile devices.
The Essential Guide to IT Transformation
ServiceNow discusses three IT transformations that can help CIO's automate IT services to transform IT and the enterprise.
Mobile application security vulnerability report
The alarming realities regarding the sheer number of applications vulnerable to attack, and the most common and easily addressable vulnerability errors.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.