Avast! Antivirus 6 released

AVAST Software a.s. has released new versions of its popular set of anti-virus and security products.

Used by over 130 million users worldwide, Avast! Antivirus is one of the most trusted and recommended solutions for protecting against virus and spyware infections. Using the Free version of the software does not put you at any great disadvantage compared to the Pro version, which is not something you can say for a lot of free anti-virus suites that have paid equivalents. 

Using the free version does require you to register the program using a valid e-mail address, but this only takes a minute and you have 30 days to stop procrastinating and do it. 

Time and time again, Avast! has been recognized for its effectiveness at protecting systems. In 2008, AV Comparatives awarded the software an "Advanced" rating for its performance, and awarded it an "Advanced+" rating in 2009. In 2010, Avast! claimed the VB100 award from Virus Bulletin for, amongst other accomplishments, detecting 100 percent of in-the-wild virus samples it was exposed to. 

AVAST Software may have gotten something of an ego-boost in November 2010. During an episode of WWE NXT in Manchester, England, an announcement that the "virus database has been updated" was audible over the PSA Announce system, prompting speculation that World Wrestling Entertainment uses Avast! products to protect its systems during broadcasts.

I downloaded the release candidate of avast! Free Antivirus version 6 to see what it offers and more importantly what has changed since v5 of the software, which already received considerable praise for its comprehensive changes. 

Notable changes in Avast! 6
  • AutoSandbox - avast! 6 can be set to automatically run suspicious software sandboxed (incl. free version)
  • avast! WebRep - avast! 6 installs extensions for Firefox and IE9 browsers to display a website reputation rating calculated from a combination of virus lab data and community input.
  • Script Shield - The Script Shield feature is now available in the Free version too.
  • Site Blocking - The Free version now also has the Site Blocking feature previously exclusive to Pro.
  • SafeZone - This Paid-only feature provides a special virtualized environment for sensitive transactions, such as secure online banking.
  • Behavior Shield - The avast! Behavior Shield has had stability and compatibility improvements.
  • Boot-Time Scan - avast! 6 now lets you set Boot-Time scanning to automatically clean detected threats.
There are other changes in avast! 6 too, such as a "protected by avast" message shown on Windows 7 boot, a Sidebar gadget, options to restore factory settings easily and more changes affecting performance of avast! features. 

avast! 6 installation

One of the things I most like about the installation of avast! Antivirus is that you do not need a long reboot to complete installation (except for the AutoSandbox features, which we will see later). One noticeable difference with the installation of avast! 6, compared to when I originally installed avast! 5, is that the installer now runs some kind of system scan. This is probably a great idea, as many of you will know if you have ever tried to install an anti-virus product on a badly infected system.

Even with the scan added, the installation is painless and you only receive one nag about registering when it is completed, which you can easily just close and get out of your way. From that moment on, avast! 6 is more or less doing its job. It updates almost immediately (which will introduce you to the voice announcements of updates if you have not used avast! before) and its real-time shields will be up and scanning your system in the background in no time. 

I have to say that of the many anti-virus products I have installed, the avast! 6 installation is easily the least annoying considering the features the software offers. 

Real-time Protection in avast! 6

Prevention is always better than a cure, as we have been told time and time again. This applies perfectly to the world of malware and the arms race that is ongoing between both sides of the war. It is not at all uncommon for a security suite to be able to completely prevent an infection by a certain malware variant by stopping it at the first step, yet for the same security suite to fail, completely or partially, to remove exactly the same threat once it has taken hold of a system (if the suite is installed afterward, for example).

For that reason, a good security suite intended for home users, who may know little or nothing at all about malware protection, had better have a system in place aimed at preventing an infection at its source. Avast! Antivirus answers this call very well by fighting initial infections on many different fronts. Malicious file attachments delivered via e-mail? Avast has a solution! Dodgy P2P network downloads? Avast has a solution! Clicked on a malware-peddling web link or something delivered via IM? Avast has a solution!

In fact, Avast! goes out of its way to specifically target the sources of malware infections in order to stop the undesired from happening in the first place. This comes in the form of "Real-Time Shields". 

avast! Real-Time Shields
  • File System Shield - The File System Shield is the main component of the avast! real-time scanner. It monitors all files and programs stored on your computer, snooping on files as they are being opened, accessed or written to. Thanks to this shield, a user will be prompted with an alert by avast! if they click on a file that is detected as a threat (or even open a folder where that file resides).
  • Mail Shield - Downloading bad attachments from e-mail applications has been one of the primary ways in which malicious software has been spread for a very long time now, and it still accounts for a lot of infections today. The avast! Mail Shield monitors your e-mail traffic and can prevent the threat from getting to your computer at all.
  • Web Shield - As you browse the web, the avast! Web Shield scrutinizes the pages and elements you load into your browser, continuously checking each item to protect against known threats.
  • P2P Shield - Peer-to-peer file-sharing networks are well known for harboring threats. The P2P Shield will check all downloads through known P2P networks to ensure the files are clean.
  • IM Shield - Instant Messaging programs can be used to spread worms and other nasty stuff. Infected computers can send bogus, infected files to friends of the victim on IM networks. avast! deals with this by checking all downloads through IM networks.
  • Network Shield - The Network Shield monitors traffic on your local area network to ward off malware that spreads through local networks. This shield is also responsible for protecting against known malicious websites, preventing them from being loaded before they can do any harm.
  • Script Shield - Available in the free version of the security suite for the first time in avast! 6, the Script Shield intercepts all scripts executed on your system, both locally and remotely, looking for suspicious activity.
  • Behavior Shield - This shield is important in that it analyzes the behavior of running programs. Activity that is found to be suspicious will prompt an alert to the user. This means that even if avast! failed to detect a malicious piece of software as a threat, it may be able to point the finger at it anyway because of what it is doing, and these days with new threats popping up all over the world every day, this kind of thorough scrutiny is important.
Any of the above Real-Time Shields can be disabled at any time by simply clicking "Stop". The suite is able to protect itself against malware too. Malware often attempts to corrupt security suite software, or to attack its running services. For this reason, when you attempt to stop any Real-Time Shield, you will be asked to confirm your choice. Getting this message without ever trying to turn off a Real-Time Shield would not be a good thing, and may indicate that it is time for a Boot-Time Scan.

Disabling any shield will prompt Avast! to change its Status to "ATTENTION". It will inform you that your system is not fully protected and offer you the chance to fix it. Thankfully, in avast! settings, under "Status Bar", you can instruct the program to ignore the status of any particular shield, which will result once again in the less alarming "SECURED" status. 

Of course, avast! 6 may fail to intercept a brand new threat that it is unfamiliar with before it manages to take hold over your system. Then, after a virus definitions update, it will be able to detect the infection on your system. So now instead of relying on the Real-Time Shield, you have to do some good old-fashioned scanning, and avast! has plenty of muscle here too. 

Scan Computer

avast! Anti-Virus offers several different choices when it comes to running a system scan. One of these is a "Boot-Time Scan" which runs before the vast majority of Windows loads, so we will look at that after we cover the scans you can run in the avast! GUI. Under "Scan Computer", we have four main options. 

Scanning options in avast! GUI
  • Quick scan - This option will just perform a quick scan of your system, focusing on areas of the System Drive. It will also look for signs of a rootkit infection and scrutinize operating memory and programs set to run automatically with Windows.
  • Full system scan - If you don’t mind waiting a bit longer just to be sure, then a Full system scan will do a more thorough examination than a Quick scan. In this case, all hard disk drives connected to the system (including external) will be checked for threats. It will also perform a rootkit scan and check the memory for signs of malware.
  • Removable media scan - If you have any removable media attached to your computer, such as a USB key or a disc in a DVD drive, this scan will check only these media for threats, leaving out rootkit, memory and HDD scanning.
  • Select folder to scan - Exactly as it says, this option allows you to just pick a folder on any HDD connected to your computer to check for threats.
The above scanning options are great and are more than you would need from a free anti-virus suite. However, they are not perfect. It is entirely possible for these scans to fail. Malware running in memory can prevent avast! from effectively removing threats from the system and rootkits can hide themselves away from the scanner and never be found. 

For this reason, it may be necessary to use the best scanning option that avast! offers to its users, a Boot-Time Scan. 

avast! Boot-Time Scan

Boot-Time Scan - In avast! Antivirus, you have the option to schedule a boot-time scan for the next reboot of your computer. A Boot-Time scan will initiate before the vast majority of Windows is loaded. This allows it to scan for threats before they are loaded into memory in Windows, and before they can get any self-protection mechanisms in place.
Additionally, the avast! Antivirus boot-time scan utilizes direct hard disk drive access, so it does not have to rely on the OS file system drivers. This can help to uncover the presence of stubborn rootkits on a system.

In avast! 6, you can now dictate what the boot-time scanner will do automatically if it finds a threat. This is very helpful as this option was unavailable before. Since the scan can take quite a while to complete, it wasn’t safe to get up and leave your computer in case a threat was found, in which case your input would be required. But now you only need to go to the Boot-Time Scan settings and set it to Repair, Move to Chest, Delete, Ask or Take no Action. That’s much better! 

So we have covered how avast! Antivirus attempts to protect your system in real-time, warding off initial infections. Then we had a look at the options you have to scan your system within Windows or before it loads at all. The great thing is, it does not stop there. Avast! has yet more ways to protect your system from being damaged by malware in the form of Additional Protection. 

Additional Protection

avast! Antivirus 6 provides additional protection that helps to keep your computer clear of threats. The three additional features that it offers us are AutoSandbox, WebRep and Site Blocking. But what are these and why are they useful? 

AutoSandbox

avast! has had Sandbox features for a while now, but avast! 6 brings about the ability to have the program automatically run suspicious software in a Sandbox environment. Basically, when running a program Sandboxed, all the data it would try to write to disk will be captured in the Sandbox instead. No actual changes will be made to the files or registry keys it tries to modify. 

A Sandbox can also stop kernel calls such as KeBugCheckEx which would result in a system halt (BSOD). This can stop malware from rebooting a system for example (some malware will modify a registry key such as the USERINIT key and then force a reboot). 

So it is easy to see why running software in a sandbox environment can protect your computer (see a guide for Sandboxie here). 

AutoSandbox is set to "Ask" in avast! 6 by default, so a user needs to go to its settings to manually switch it to auto if they wish. AutoSandbox does require a reboot of the system before it works properly. 

WebRep

WebRep is a feature added in avast! 6 that installs extensions to both the Internet Explorer 9 and Mozilla Firefox browsers. The extensions pull data taken from both the avast! virus lab and user input to give you an idea of the reputation of a website. 

The WebRep extensions can be easily uninstalled in either of the browsers or from avast! itself under WebRep. 

Site Blocking

One last thing to mention is the Site Blocking features available in avast! 6. Site Blocking allows you to specify any website to block access to. Combined with the ability to put a password on avast! to stop users from changing settings, this could work well for parents who don’t want their children on certain websites. 

Blocking a site is as easy as entering the URL into avast! under Additional Protection / Site Blocking. When a user attempts to visit any blocked site in a web browser, they will be prompted with the message shown above.

Thoughts on avast! 6

The changes made in avast! 6 are certainly not as radical as those between v4.8 and v5, which included a whole new interface design, a powerful new anti-malware engine and much more. Regardless, adding new features such as the AutoSandbox feature has made the update important enough in its own right. The Free edition of the A/V utility is just as feature-packed and effective as many paid alternatives on the market, and this has been shown time and time again in broad lab tests of security software. 

If you are looking to recommend an anti-malware utility to friends or family, then avast! Anti-Virus certainly has a compelling case for your backing. It sports an interface easy enough to be understood by novice users while running effective prevention mechanisms in the background. It has a relatively speedy scanning engine and can run a scan at boot to get even the most stubborn malware. Beyond that it can detect suspicious behavior from programs that it doesn’t initially detect as a threat and automatically sandbox anything suspicious. 

It is kept well up-to-date with daily updates to the virus definitions database and regular program updates delivered automatically. It promises to do a lot, and all without killing your system’s resources. For its purpose, it passes easily as an effective anti-malware suite, and it's easy to see why it is used by 130 million users around the world, with that number likely to keep growing.