New Ad-Aware Offers Behavioral Detection

ScuttleMonkey posted more than 4 years ago | from the and-chastizes-you-accordingly dept.

Software 68

With the latest release of the popular anti-malware tool Ad-Aware, Lavasoft has added what is being referred to as "Genotype," a heuristic-based behavioral detection engine. In addition to a new (and what appears to be faster) method of detection and elimination, there are a few incremental updates like the simple/advanced toggle and a potentially always-on "gaming mode," which attempts to do real-time filtering while you are playing games, watching videos, or just browsing.

68 comments

Warning (5, Funny)

Romancer (19668) | more than 4 years ago | (#29724117)

Warning, The page you are about to view contains P0rN and a small malware virus, would you like to continue?

Options:
Yes give me the Virus
No Block the P0rN.

Re:Warning (3, Insightful)

gnick (1211984) | more than 4 years ago | (#29724481)

Followed by the pop-up in the lower-right corner that annoyed me to the point that I stripped Ad-Aware off of my system despite previously having shelled out for Ad-Aware Pro (one of the previous versions):

Thank you for using Ad-Aware. To further protect your system, please click here to visit Lavasoft and upgrade to Ad-Aware Professional Edition.

I like their product, but I hate being badgered.

Re:Warning (1)

AliasMarlowe (1042386) | more than 4 years ago | (#29729127)

"Do you not want to unprevent discontinuing disabled non-avoidance of this site?"
[Affirm]
[Deny]
[WTF?] (default)

Re:Warning (5, Funny)

TheRealMindChild (743925) | more than 4 years ago | (#29724505)

Do you not want to continue?

[Enable] [Disable]

Re:Warning (1)

gparent (1242548) | more than 4 years ago | (#29725791)

Do you want to game? [Simple] [Advanced]

Re:Warning (1)

roman_mir (125474) | more than 4 years ago | (#29726379)

Are you sure you want to Quit?

[Definitely Maybe] [Maybe Definitely]

Re:Warning (1)

L4t3r4lu5 (1216702) | more than 4 years ago | (#29729415)

This program has encountered an unexpected error and needs to close. Would you like to send an error report?

[Ok] [Cancel]

Re:Warning (1)

missilan (1003877) | more than 4 years ago | (#29771853)

This program has encountered an unexpected error and needs to close. Would you like to send an error report? [Ok] [Cancel]

Have you sent the error report? Have you got a hint how to fix the error?

Re:Warning (1)

Wowsers (1151731) | more than 4 years ago | (#29724683)

The "Yes" option is different if you perform safe hex!

Ummmmmm.... (1)

mujadaddy (1238164) | more than 4 years ago | (#29724159)

/uninstall

No, I don't have AdAware...

I'm sorry (2, Interesting)

Jurily (900488) | more than 4 years ago | (#29724219)

Malware writers are smart enough to overcome heuristics-based solutions. Just like spammers.

Slightly Offtopic: Not Genotype (3, Informative)

drunken_boxer777 (985820) | more than 4 years ago | (#29724299)

As a trained biologist, I take exception to the failure to analogize properly. A genotype is the genetic description of an organism. This has nothing to do with a system that learns from experience.

Those who create software: Please, if you are going to use a word from a different field to name or describe your program, try to pick a word that creates some sort of sensible analogy rather than choosing one that sounds cool and is unused. Otherwise, you risk sounding like an idiot.

Re:Slightly Offtopic: Not Genotype (0)

Anonymous Coward | more than 4 years ago | (#29724377)

Their term "genotype" is referring to the underlying behaviors of software (genetic description). Their use of that term has nothing to do with learning over time. I think their analogy is more proper than you think. Disclaimer: IANAB.

Re:Slightly Offtopic: Not Genotype (0)

Anonymous Coward | more than 4 years ago | (#29724407)

Words get re-used for other purposes all the time, get over it.

It's especially true in newer fields such as computing.

Re:Slightly Offtopic: Not Genotype (1)

Hognoxious (631665) | more than 4 years ago | (#29725335)

Words get re-used for other purposes all the time, get over it.

The trouble is they don't gain meaning, they lose it when people do that. I was having this same conversation at the place, with that guy who does that thing with the watchamacallems.

Re:Slightly Offtopic: Not Genotype (0, Troll)

Runaway1956 (1322357) | more than 4 years ago | (#29725961)

Anonymous Coward get re-used for other purposes all the time, get over it.

It's especially true when you spend all your time hanging out at the closest meat market.

Re:Slightly Offtopic: Not Genotype (2, Informative)

gnick (1211984) | more than 4 years ago | (#29724427)

From Wikipedia: [wikipedia.org]

Inspired by the biological concept and usefulness of genotypes, computer science employs simulated phenotypes in genetic programming and evolutionary algorithms. Such techniques can help evolve mathematical solutions to certain types of otherwise difficult problems.

I'm not saying that you're wrong, I'm just saying that once it's on Wikipedia you need to fight it there or give up the ship...

Re:Slightly Offtopic: Not Genotype (2, Insightful)

SleepingWaterBear (1152169) | more than 4 years ago | (#29725521)

Genetic programming and evolutionary algorithms are both completely distinct from what they're describing here. In those cases, the metaphor is quite appropriate since we're talking about serially encoding an algorithm, and then letting mutations of the encoded algorithm compete subject to a fitness function. Ad-Aware's "Genotype" has nothing to do with genetic programming or evolutionary algorithms, and the analogy makes no sense at all.

Re:Slightly Offtopic: Not Genotype (5, Funny)

Interoperable (1651953) | more than 4 years ago | (#29724531)

As a trained physicist I would like to extend that to include not just software developers but also Sci-Fi writers, politicians, the media, the general public and anyone who incorrectly uses the word "exponentially". In fact, people who use the word exponentially incorrectly are exponentially worse.

Re:Slightly Offtopic: Not Genotype (1)

zMaile (1421715) | more than 4 years ago | (#29724801)

I think you mean "the number of people using the word 'exponentially' is getting exponentially worse"

Re:Slightly Offtopic: Not Genotype (1)

FarFromUnique (1452027) | more than 4 years ago | (#29724887)

"Phenomenally" sounds so much better, too. It's a wonder anyone uses "exponentially" anymore.

Re:Slightly Offtopic: Not Genotype (1)

Hognoxious (631665) | more than 4 years ago | (#29725289)

But exponentially sounds, well, a lot more mathematical.

It's one of my pet hates, along with using "open source" to describe things that don't have source code.

Re:Slightly Offtopic: Not Genotype (1)

hairyfeet (841228) | more than 4 years ago | (#29728519)

Yeah, talk to a PC repairman about the word "virus". According to my customers a virus is...spyware, adware, malware, viruses, trojans, rootkits, backdoors, anything that makes their computers act "funny", any slowdown on same, and pretty much any problem that doesn't come with smoke rolling out the back. They also think they can get 1000+ "bugs" on their machine and you should be able to use some "magic" tool that fixes it in an hour, oh and you should only charge them $20 for it as well.

The word virus has been used by the media so often for every computer bug and picked up by the public so it is pretty much useless anymore. The same way "hackers" can now be anyone from some 14 year old trying default passwords to Russian cyber gangs. The original meaning kinda got lost along the way.

Exponentially Topical Genotypic Algorithms (0)

Anonymous Coward | more than 4 years ago | (#29729561)

In the algorithmic evolution of this spatial-temporal epoch, I have exponentially typed this topical Slashdot replicatory chromatogram digitally on my open source keyboard while genotypically examining my quantum thermoelectric quasi-condensate crystalline oculatory monitor.

Re:Slightly Offtopic: Not Genotype (0)

Anonymous Coward | more than 4 years ago | (#29725423)

If I've told you once, I've told you 10^7 times, stop exaggerating

Re:Slightly Offtopic: Not Genotype (1)

buswolley (591500) | more than 4 years ago | (#29725887)

Phenotypically, you're an anonymous ass.

Re:Slightly Offtopic: Not Genotype (2, Funny)

melikamp (631205) | more than 4 years ago | (#29726029)

And as a trained mathematician, I would like to extend it to all the people who use the word "normal" to describe anything but a non-trivial group G whose only nontrivial subgroup is G itself. Normal people don't make stupid mistakes like that.

Re:Slightly Offtopic: Not Genotype (1, Funny)

Anonymous Coward | more than 4 years ago | (#29728283)

now i remember why nerds get beat up.

Re:Slightly Offtopic: Not Genotype (3, Funny)

L4t3r4lu5 (1216702) | more than 4 years ago | (#29729439)

Because the average guy is mean?

Here all night!

Re:Slightly Offtopic: Not Genotype (1)

ffflala (793437) | more than 4 years ago | (#29727085)

As a trained physicist I would like to extend that to include not just software developers but also Sci-Fi writers, politicians, the media, the general public and anyone who incorrectly uses the word "exponentially". In fact, people who use the word exponentially incorrectly are exponentially worse.

I hope it gives you some measure of hope that whenever I am about to extrapolate in casual conversation, I make it a point to distinguish between geometric and exponential growth.

If things will apparently increase at a merely linear rate, I try instead to change the subject to something more interesting.

Since I am not a trained physicist, suggestions for further conversational precision are welcome.

Re:Slightly Offtopic: Not Genotype (0)

Anonymous Coward | more than 4 years ago | (#29724575)

As a trained biologist...

I take it that you've never helped two mullet-sporting hillbillies [wordpress.com] jack off a horse [spotsnstripes.com] and collect the spooge with a 44oz. Big-Gulp cup [flickr.com] . You, sir, are no trained biologist!

Good day to you, sir. *Hmmph!*

Re:Slightly Offtopic: Not Genotype (0)

Anonymous Coward | more than 4 years ago | (#29724871)

are the hillbillies men, woman or both?

Re:Slightly Offtopic: Not Genotype (0)

Anonymous Coward | more than 4 years ago | (#29725045)

Get over yourself. All fields do this. Just ask an astronomer what a "metal" is. Then ask a chemist.

Re:Slightly Offtopic: Not Genotype (0)

Anonymous Coward | more than 4 years ago | (#29725303)

It shouldn't be 'genotype', but genetic algorithm (or perhaps a similar thing). This is in fact the same thing (as I recall from high school biology classes, compared to what such an algorithm does). The analogy is in the strings (~DNA strings) used to create new strings (~reproduction) based on some fraction of two (or more?) of the other strings.

AI: A Modern Approach by Russell & Norvig (see http://aima.cs.berkeley.edu/ ) has a pretty good image of it.

In short, it works like this flowchart: http://www.its.leeds.ac.uk/projects/smartest/d3f5p9.gif with the concepts I got in biology class (reproduction, mutation, etc).

That said, I'm not a biologist myself and I do agree that genotype is somewhat silly. I suppose what they thought of would be to use it to refer to the 'genetic' description of a computer virus. That's all I can make of it anyway.

Re:Slightly Offtopic: Not Genotype (0)

Anonymous Coward | more than 4 years ago | (#29730437)

Genotype just sounds cool, for fucks sake. Get off your high horse, and pull that pipette out of your ass hole.

People still use Ad-Aware? (5, Informative)

Ka D'Argo (857749) | more than 4 years ago | (#29724441)

I used to love it back in the day, removed all kinds of spyware, simple gui, updated easy enough, you ran it when you wanted, etc.

These days it keeps half a dozen processes running in the background with more to be opened if you do any kind of scan. I realize having real-time protection is a nice feature, having to go in and auto disable all these is a pain. If you're still getting malware on the go, so to speak, from websites, and aren't using a browser that's got security or at least security add-ons (Firefox + Noscript + ABP + Flashblock) then I could understand the need for it.

Add in an anti virus software that does the same X number of processes in the background plus Ad-Aware that's way more bogged down software than ever. Ad-Aware used to be simple, clean and sleek, now it's just bloated shovelware (how quickly did they move from Version X to SE, to Version X.1?)

Stick with Spybot, Malwarebytes, HijackThis and a decent backup like Nod32, Avast or AVG, imho.

Re:People still use Ad-Aware? (3, Funny)

gnick (1211984) | more than 4 years ago | (#29724589)

Stick with Spybot, Malwarebytes, HijackThis and a decent backup like Nod32, Avast or AVG, imho.

But do any of those have "gaming-mode"? That sounds kind of sexy. When you're out on the web and engaging in especially risky behavior that could earn you an infection, you're in "gaming-mode" - Yeah, right.

"Mom! Don't you know how to knock??? I could have been in gaming mode!"

Re:People still use Ad-Aware? (0)

Anonymous Coward | more than 4 years ago | (#29726359)

u meant gaymore amirite!?

Re:People still use Ad-Aware? (3, Interesting)

Anonymous Coward | more than 4 years ago | (#29724697)

With all the background processes now, I keep programs like ad-aware uninstalled. Then when I want to perform a scan I install it, run the scan, and uninstall it again.

Re:People still use Ad-Aware? (0)

Anonymous Coward | more than 4 years ago | (#29724921)

Amen. Anon 'cuz this would just get modded redundant anyway, but you are *SO* right I had to say so.

Re:People still use Ad-Aware? (2, Informative)

antdude (79039) | more than 4 years ago | (#29725681)

SuperAntiSpyware [superantispyware.com] and Malwarebytes' Anti-Malware [malwarebytes.org] (thanks to the folks in http://www.dslreports.com/forum/security,1 [dslreports.com] for suggesting these) also don't hog your system like Windows' services. Run, scan, and clean on-demand. :)

Don't forget Windows Malicious Software Removal Tool (W2K SP4 has it too) with mrt.exe command.

Re:People still use Ad-Aware? (1)

antdude (79039) | more than 4 years ago | (#29726667)

Also, MS Security Essentials use service. :(

Re:People still use Ad-Aware? (1)

MojoStan (776183) | more than 4 years ago | (#29725821)

Add in an anti virus software that does the same X number of processes in the background plus Ad-Aware that's way more bogged down software than ever. Ad-Aware used to be simple, clean and sleek, now it's just bloated shovelware (how quickly did they move from Version X to SE, to Version X.1?)

Stick with Spybot, Malwarebytes, HijackThis and a decent backup like Nod32, Avast or AVG, imho.

Some good recommendations (I'd add Avira AntiVir Personal [free-av.com] to your list), but I think Microsoft Security Essentials [slashdot.org] (released 2 weeks ago) is now worth considering for free, non-bloated virus/malware protection. The initial reviews [arstechnica.com] seem pretty good.

Re:People still use Ad-Aware? (1)

Hurricane78 (562437) | more than 4 years ago | (#29725861)

And I run Linux. Period. ^^

Re:People still use Ad-Aware? (1)

smoker2 (750216) | more than 4 years ago | (#29726059)

I agree, but the simple fact is, is it any good now ? You don't HAVE to start it on boot, just run it if you need it. Or is that too much work ? I still have version 1.06r1 on my XP box (which never really goes on the net), and it runs fine. Oh dear, my definitions are 673 days old, yet I still have no problems ...
Maybe because I use linux to browse the net (and everything else). [meta - is this a troll ?]

Re:People still use Ad-Aware? (0)

Anonymous Coward | more than 4 years ago | (#29729437)

I'm hoping Ad-Aware will now determine that it is malware and remove itself.

I am also highly suspicious of AVG since it encrypts its own log files for "security reasons". Obviously having the user know what AVG is doing to their computer would be a huge security risk.

Remember, you and your computer will die a horrible death without Personal Anti-Virus-Spyware-Malware-Badware 2010 PRO or whatever.

In other news ... (3, Insightful)

maxwell demon (590494) | more than 4 years ago | (#29724529)

The reason for the mysterious death of many computer users in the last time has been found. It turned out they all had an anti-malware program running which tried to detect and eliminate malware through analyzing its behaviour. Apparently the software detected dangerous behaviour from the computer users and therefore decided to eliminate them in order to protect the system.

Re:In other news ... (2, Informative)

arkenian (1560563) | more than 4 years ago | (#29724723)

I can't decide whether I find your post or the patent filing in your sig more amusing.

Re:In other news ... (0)

Anonymous Coward | more than 4 years ago | (#29734595)

Ha. Isn't that the same thing that Dubya's illegal wiretapping did to Americans? How soon before citizens are "detected" as "dangerous", and eliminated from society in order to protect the remaining citizens?

Bring on the NorseFire revolution!

(anonymous tongue firmly in my anonymous cheek!!)

Re:In other news ... (0)

Anonymous Coward | more than 4 years ago | (#29734733)

Come to think of it, couldn't that program be thought of as "bloatware" for the masses? We thought we wanted it, but quickly found out that:

(a) it does MORE than we thought it did (not all of which we're comfortable with)

(b) once "installed", it's impossible to modify the program to make it behave more reasonably, and it's almost IMPOSSIBLE to remove.

(c) it does its best to convince us that all the stuff it does in the background is a "necessary expense of resources" to keep us safe and secure

(d) threatens all kinds of doom and apocalyptic events if it IS removed

(e) finally, the final costs of the program are WAY MORE than we ever intended to pay in the first place.

Yes, put the illegal wiretap program into the black hole list of unwanted/unneeded programs, and "delete" it from our "systems".

Is it just me... (1)

XPeter (1429763) | more than 4 years ago | (#29724685)

Or have these past few days been really slow for news?

And on-topic, who uses Ad-Aware? Same applies to Norton.

IDK about new Ad-Aware, but Norton's back on top... (2, Insightful)

DRAGONWEEZEL (125809) | more than 4 years ago | (#29725271)

according to several major computer publishers the '09 version of Norton did a lot better than all other antivirus software according to MaximumPC.com http://www.maximumpc.com/article/features/protect_your_pc_from_guys_like_this [maximumpc.com]

and PCWorld.com
http://www.pcworld.com/reviews/product/44052/review/internet_security_2009.html [pcworld.com]

Not that either are like security mags I'm an MPC fanboy, so take this as you will.

Ingenious! (1)

should_be_linear (779431) | more than 4 years ago | (#29724737)

Wile E. Coyote will definitely succeed this time...

Phenotype vs. Lamarckian inheritance (0)

Anonymous Coward | more than 4 years ago | (#29725139)

I was tempted at first to say Genotype should instead have been named Phenotype, but in the realm of computers and software (as opposed to biological species), Lamarckian inheritance is widespread.

Re:Phenotype vs. Lamarckian inheritance (2, Funny)

Hognoxious (631665) | more than 4 years ago | (#29725399)

Well I haven't seen much evidence of intelligent design...

Microsoft Security Essentials FTW (1)

Therefore I am (1284262) | more than 4 years ago | (#29727205)

Microsoft Security Essentials is free and does an excellent job. What's more, on a fast machine you will not be aware of it in operation. Works for me.

Bloatware (1)

pdragon04 (801577) | more than 4 years ago | (#29725259)

Like almost all fee-based malware products marketed to home users, Adaware nowadays is just bloatware crap that seems to cause as many problems as it tries to solve. The performance degradation of its background service is almost worse than what some malware causes. Avoid like the plague.

I advise all my home user customers to never pay for ANY antivirus/antispyware software. None of it prevents anything anymore and isn't worth spending money on. All it's good for anymore is notifying you after the fact when you get an infection and then most people have to pay to have it cleaned anyway. Install Firefox & set it as the default browser then install AVG/Avast/Spybot/etc (anything as long as it's free) to provide infection notifications.

Re:Bloatware (0)

Anonymous Coward | more than 4 years ago | (#29730869)

None of it prevents anything anymore

How so? Not everyone always faces malware relying on 0 day exploits, and any decent AV can detect most malware through common vectors before it's executed, like removable disks, HTTP connections, attempting to open an executable etc using both signature and heuristic detection. Obviously it doesn't always work but it's better than nothing at all on a Windows system. Just get an anti-virus solution with a small footprint like NOD32 or something.

Not what I thought (1)

abbynormal brain (1637419) | more than 4 years ago | (#29725363)

Based on the title of the article - I thought the "behavioral detection" might have been based on the Slashdot "Karma Engine". I guess not.

----
Yes, my karma is currently "bad" ... and about to get worse. :(

Does it really matter though? (2, Interesting)

DRAGONWEEZEL (125809) | more than 4 years ago | (#29725379)

If you have 1 detection on one software suite, how many do you have on any other suite?

My guess is N +X where N is the number of suites you try and X is any positive integer >1.

That's why the solution really is this: http://slashdot.org/comments.pl?sid=1388939&cid=29619053 [slashdot.org]

Phenotype is what they want (0)

Anonymous Coward | more than 4 years ago | (#29725533)

Genotype is the genes. (and the age-old signature based detection method)
Phenotype is the behaviour. (teh new koolness TM, (R), (C), patent pending)

Check wikipedia if in doubt.

And LOL at the windoze lusers always wrangling with malware... Oh boy. :)))

everybody now.... (1)

CHRONOSS2008 (1226498) | more than 4 years ago | (#29725729)

What finger am I holding up for that company.....

The usual salute for Lavasoft (1)

Jim Efaw (3484) | more than 4 years ago | (#29727593)

What finger am I holding up for that company.....

Ah, so that's what the Ad-Aware 11 logo looks like!

But seriously: How do you trust a "security" company whose own download links all lead to a dead blank page [lavasoft.com] until you unblock JavaScript not only on their site (www.lavasoft.com) but on a third-party site you've never heard of (www.trialpay.com)?

I used to put Ad-Aware on every computer, but around version 7 Ad-Watch started dragging down my clients' computers, then started dragging down my computers. I still offer it occasionally to clients who are unusually malware-prone, but it got past the cure-is-worse-than-the-disease part for a lot of people a while back. Maybe this new buzzword-thing version will clear some of that up.

What's new? (2, Funny)

mhajicek (1582795) | more than 4 years ago | (#29726459)

What's new about heuristics?

Yo0 insensitIve clod! (-1, Troll)

Anonymous Coward | more than 4 years ago | (#29727499)

Re:Yo0 insensitIve clod! (0)

Anonymous Coward | more than 4 years ago | (#29728465)

Who are you and what do you want?

PS you forgot to mention *BSD

I wonder how far this software has come along (1)

djnforce9 (1481137) | more than 4 years ago | (#29733799)

I used to use Ad-aware Pro way back when the newest version was 6.0 (not sure what the newest one is now). However, I eventually had to get rid of it. I found that it was very ineffective at actually removing active Malware. Basically what would happen is that because the Malware is already loaded into memory (sometimes even when in safe mode), ad-aware could not terminate the processes that would in turn free up the files to be deleted. So it told me adware was present but could do nothing more. In addition, Ad-Aware used to have something called "Ad-watch" which provided real-time scanning and could prevent unauthorized registry edits. The problem is that it also prompted you when you tried to install legit software and the WORST case ever is when ad-watch eats up all your CPU because it tries and blocks registry edits that malware continuously makes in an endless loop (i.e. when a mal-ware registry entry is removed/blocked, the malware automatically detects this and re-adds itself). Also, from what I remember, Ad-Aware did nothing about rogue Active-X controls either (which I know detects when you try and close the Malware's related processes and then in turn restores it). To summarize, you basically have to kill all processes, active-x controls, and services created by the Malware manually before Ad-Aware and Ad-Watch could do its thing. That stuff should be done "for you".