Tuesday, March 15, 2011

AVAST Software Releases Updated Free Antivirus


AVAST Software announced the release of avast! Free version 6.0, an antivirus solution that's totally free for non-commercial use. This edition includes a protective layer called Script Shield that was previously available only in the Pro edition. It also adds two new features called WebRep and AutoSandbox.

Script Shield adds to the product's basic Web protection by actively scanning scripts found on Web pages and blocking those found to be malicious. It's a small but significant addition to real-time protection. Vince Steckler, AVAST's CEO, noted that simple signature-based detection is a black-and-white proposition; either a file is recognized as bad or not. AutoSandbox offers a third choice for files that manifest suspicious behavior but don't match a known signature. When avast! detects a suspicious file it gives the user a chance to run it in the sandbox, meaning it can't do any permanent damage.

AVAST's CTO, Ondrej Vlcek, further explained, "If the item is dangerous, the virtual computer is shut down and the user's real machine remains safe. And, if the item is safe, there is no hassle from a false positive." The product can use more aggressive heuristic detection because a false positive (detecting a valid file as malicious) does not kill the file.

The Web reputation feature draws on the knowledge of avast!'s 120 million active users to both identify bad Web sites and categorize Web sites of all kinds. A browser toolbar offers instant access to existing reputation information for the current site and also lets users quickly add their own impressions. WebRep also draws on the company's database of known malicious sites, and marks up search results to help users avoid visiting a dangerous site.

Steckler noted that the free product is AVAST Software's flagship. It's the one they submit for testing to the independent labs, and it consistently scores well. The 6.0 Pro edition adds a new feature called SafeZone, which allows fully protected browsing even on a system with active keyloggers or other malware. Avast! Internet Security 6.0 includes all features of the Pro edition as well as firewall and antispam. PCMag will post reviews of these products once our evaluations are complete.

Thursday, March 3, 2011

Nasty Fake Antivirus

According to multiple security researchers, fake antivirus software was the biggest cyber crime in 2010 and continues to be a major on-line scam. When fake antivirus first appeared, it could really be categorized as "scareware" and was fairly innocuous. Fake AV popped up unexpectedly, told you that your system may be infected, and then launched a fake scanning engine. While some people were clearly duped, you could easily work your way out if you recognized the scam. No harm, no foul.

I recently saw a demonstration of a more modern version of fake antivirus. The bad guys have made this scam more effective and sinister. When the fake AV appears on your system now, you notice a steady progression with no way out. First, it shuts down your real antivirus and removes the icon from your system tray. It then shuts down any applications you have open, claiming that they may be infected. Finally, it blocks any file with a .exe extension so you can't open any processes. This blocks all of the things you would normally try to alleviate the problem. I tried launching pre-installed antivirus software to perform a system scan, opening Windows Task Manager to kill a process, and going into Windows tools to restore the system configuration to an earlier recovery point. All of these actions were blocked. Oh, and don't bother re-booting the system. This won't help either.

Basically, fake AV launches a denial-of-service attack, making your PC absolutely useless. It reminded me of the insidious pop-up spyware and adware from the early 2000s. With this type of attack, even users who know better are tempted to buy the fake AV in order to get their PC, and their precious data, back. If you can open a browser and are willing to fight on, there are numerous downloadable tools that claim to overcome fake AV. Guess what? Many of them are just another kind of malware. Cybercriminals know how to kick you when you are down.

If you do get infected, there is actually a relatively easy way out. You have to reboot your system in safe mode (press the F8 key as you do), go into system tools, and then restore your system to an earlier recovery point. When this action is completed, I recommend updating Windows and doing a full system scan with your real AV immediately.

I've read a lot of research indicating that many users either don't use AV at all or don't really maintain it. You could say that these folks deserve to be scammed but when their PCs become part of a global botnet it impacts us all. The bad guys are very good at what they do. The only chance we have is to stay smart, share information, keep our systems up to date, maintain strong defenses, and remain vigilant.