McMcbrad
Level 23
- Oct 16, 2020
- 1,252
AVG Ultimate provides a group of apps for Windows, Mac, iOS and Android.
One license provides access to a vast multitude of features, that one-by-one might be costly.
Are these features enough bang for the buck?
Avast Web Shield
Processes all traffic coming over HTTP and encrypted HTTPS connections, using URL detection algorithms to protect against phishing as well as full content filtering to stop malware.
Static Scanner
Analyzes code and binary objects prior to execution, using machine learning and various detection methods, including PE structure analysis, linker analysis, unpacking/de-obfuscation, and similarity, fuzzy, and algorithmic matching. Based on the analysis, our fast and efficient static scanner then characterizes the file as benign or malicious.
Emulators
Two emulators (one for scripts and one for binary files) protect against zero-day malware and vulnerabilities as well as increasing resilience to malware sample modifications. These provide full emulation of the native computing environment, including a virtual CPU, virtual RAM, and virtual OS together with its subsystems. Features are collected during emulation and malware is then blocked according to our unique rule engine.
Avast DeepScreen
Utilizing a full virtual machine, on which a cloned version of the user’s OS tests the suspicious files, DeepScreen uses machine learning algorithms to identify similarities with known malware families. The hypervisor-assisted virtual machine connects to the Avast cloud engine to utilize threat intelligence gathered from our entire user base.
We combine virtualization of suspicious applications and deep instrumentation to see at the high level, as well as at an instruction level, what the examined program is trying to do. Based on an observed behavior model using machine learning algorithms, we are able to identify similarities with known malware families. By peeling off layer by layer with deep dynamic introspection, the generic unpacker component is able to unveil known malware samples that could be hidden in heavily obfuscated and encrypted ones. During this process, our cloud engine utilizes threat intelligence gathered from our entire user base to assess all software samples.
Avast CyberCapture
Activates automatically, when needed, to prevent the rarest and most sophisticated malware from infiltrating a user’s system. CyberCapture locks down and submits potentially malicious files, including all the associated metadata, to the clean-room environment of our Avast Threat Labs, while informing the user and keeping him engaged throughout the process. Advanced algorithms and Avast’s experts inspect the suspicious files in this most advanced layer of security. CyberCapture analyzes over 20,000 unique files every day.
Behavior Shield
Monitors the system for suspicious activities while programs are running. Behavior Shield captures unusual behavior on the device (works on both PCs and Android smartphones) such as attempts to terminate the Windows Update or Firewall services, inject system-level processes, or use the camera without user-initiated activity. Once evaluated as malicious, it is able to automatically stop the activity, undo the operation, and quarantine the objects in question.
Our advanced Artificial Intelligence system uses machine learning to automatically collect and extract data from our entire user base — then trains every security module. After finding a new malware sample, our products are automatically updated with new models, providing crucial, up-to-the-second protection.
Training the Avast machine learning engine
Sophisticated threat prevention in today’s world does not rely on a single machine learning engine that provides a silver bullet to all cyberattacks. Instead, it is a combination of multiple ML engines that work hand-in-hand to defend against attacks. The engines work across devices (both on the cloud and on PCs and smartphones), they use static and dynamic analysis techniques, and they are deployed in many of the layers of our defense engine.
In order to evaluate new and unknown threats, we’ve built a unique and sophisticated machine learning pipeline that allows us to rapidly train and deploy malware detection models within 12 hours. We also employ advanced techniques like deep convolutional neural networks (Deep CNN) to enhance our malware detection models. New security threats can appear suddenly, and take new and unknown forms; in such situations, our ability to update our models rapidly ensures our users remain protected.
AVG Internet Security provides the same protection that Avast does - I've already described here: User Feedback - Avast Premium Security 20.9
I'll shed a bit more light on how I perform my tests in this review though.
To conclude how good protection is, I test a product continuously for 14 days.
To perform the test I use samples and links collected from several sources, such as ANY.RUN, Hybrid Analysis, MalwareBazaar and others. I have several emails that have been breached and registered in not-so-trustworthy websites, so these receive a vast amount of phishing emails. I analyse relations on VirusTotal and discover more and more malware, and links.
Every day the test includes:
- 5 Phishing Links
- 5 Malicious Links
- 5 Malware Executables (*.exe files)
- 5 Malicious Word/Excel Documents
- 5 Scripts that abuse Windows processes
- 5 Loaders that rely on PowerShell. I do not download these, but rather copy and paste the code into PowerShell.
- Few Java malware files (*.jar)
I do not handpick links, but I specifically choose samples that are more difficult to detect (evasive, compressed, packed etc.). It's not necessary for these samples to be 0-days, but they should be prevalent.
Test has 2 outcomes - success (everything blocked) or failure (something has been missed)
A product must block everything to be successful.
It's not necessary for the malware sample to be deleted - for example blocking a loader from downloading any additional files is good enough.
At the end I use Hitman Pro, Norton Power Eraser and RogueKiller, as well as various utilities such as Process Explorer to establish whether everything has been blocked (when behavioural blocker has been involved).
In case of ransomware, products that support Secure Folders should keep the selected folders unencrypted.
I discard PUPs from the test, due to the fact that different vendors have different understanding of what's PUP. I consider misleading applications a form of malware.
As a last stage of the test I usually register a service, a scheduled task and auto-run pointing to a malware sample and containing malicious PowerShell code. I perform a scan and then check whether everything has been removed.
From time to time I can come up with other tests. These will be discussed in separate threads.
AVG protection and removal have both been successful on my tests.
The AVG behavioural blocker is usually very effective against file-less malware, as well as Java Malware, which is where other products typically fail.
Ransomware Shield, Sensitive Data Shield, Webcam Shield and Password Protection Shield have all been designed to handle non-process threats and support strict modes that may get around code injection as well.
Most of the products on my test remove scheduled tasks and auto-run entries, with few exceptions. AVG and Avast successfully remove the fake services I create.
AVG has a quick reaction time on blacklisting files and links. It usually takes 2-3 minutes after downloading a malware sample from a link not-yet-blocked to be blacklisted.
Same is with samples detected by CyberCapture and behavioural blocker (IDP).
AVG Impact on idle
AVG Impact on Deep Scan
Measured average CPU usage during browsing: 2-4%
AVG provides much better interface than their parent company (Avast). It uses a blend of dark grey and green, and all tools/settings are organised/easy to find.
Ransomware protection has a strict mode, which may get around code injectors.
Password Protection Shield secures credentials stored in Chrome, Firefox, Edge, Opera and AVG/Avast Secure Browser. It doesn't allow any third-party apps to access the folders where credentials are stored.
Low-level web blocker stops all apps, and not just browsers from connecting to untrusted websites.
Sensitive Data Shield auto-detects files of interest (plane tickets, employment files, etc) and blocks access or modification by untrusted apps. It also manages account privileges, so other users can't read them.
The product offers highly-configurable and pretty solid firewall:
AVG alerts are infrequent, though a bit more frequent than other products. They frequently include ads for other AVG apps, though permanent silent mode can be activated in settings.
They are rather free of complicated tech-terms.
The product lacks a log viewer, so if you are looking to preview past events, that won't be possible. Kaspersky, Bitdefender and Trend Micro offer very detailed logging.
Help files haven't been updated in ages and include references to features, already long gone. Some features have been renamed by Avast, but they are still listed with their old names.
There is a reference for example to Anti-Spam component, whilst there is no such component at all. There are references to non-existing settings.
Speed Test <No VPN>
Speed Test <VPN:Same Country>
Speed Test <VPN: High Distance>
I normally don't do this kind of software (TuneUP and CleanUP), but this one offers solid features that I like.
It's able to put software "to sleep". This involves stopping software services, auto-run entries and scheduled tasks - not that this can't be achieved manually, but it's much more convenient doing it with one click. Launching a program from this list "wakes it up" and then once it's closed, it goes back to sleep again.
One-click maintenance removes broken shortcuts, which I find really annoying in start menu or recently used files.
For older HDDs, disk defragmenter is offered, which is quite effective.
AVG Password Protection app appears only after the product has been activated. It's not a password manager, but rather a scanner for weak passwords and breaches.
AVG Anti-Track aims at preventing online tracking by randomising hardware ID.
CONCLUSION:
AVG Ultimate offers a solid bundle of security, performance optimisation, VPN and Anti-Tracking.
Not all apps have to be installed, by default AVG Internet Security is downloaded and everything else is optional.
People looking for less bloated security might be better off getting AVG Internet Security Alone.
Users who just want to get rid of malware may try AVG free.
Important to note is that purchasing AVG through a reseller means you can’t add subscription to your online account. You won’t be able to use AVG VPN on iOS without that.
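The cleanup check from the test methodology above (a service, a scheduled task and an auto-run entry registered before the scan, then verified as removed afterwards), as an added PowerShell example that is not part of the original post. All artifact names and the sample path are hypothetical placeholders for whatever the tester registered.

```powershell
# Added example: confirm that test persistence artifacts are gone after a scan.
# Every name and path below is a hypothetical placeholder, not from the review.
$Expected = @{
    ServiceName = 'TestSvc-Placeholder'
    TaskName    = 'TestTask-Placeholder'
    RunValue    = 'TestRun-Placeholder'
    SamplePath  = 'C:\Test\sample-placeholder.bin'
}
$RunKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
)

function Get-LeftoverReport {
    param([hashtable]$Artifacts, [string[]]$RunKeyPaths)

    # Service: Get-Service returns nothing (error suppressed) when it is absent.
    $svc = Get-Service -Name $Artifacts.ServiceName -ErrorAction SilentlyContinue
    [pscustomobject]@{ Artifact = 'Service'; Location = $Artifacts.ServiceName
                       Present  = ($null -ne $svc) }

    # Scheduled task, searched by name across all task folders.
    $task = Get-ScheduledTask -TaskName $Artifacts.TaskName -ErrorAction SilentlyContinue
    [pscustomobject]@{ Artifact = 'ScheduledTask'; Location = $Artifacts.TaskName
                       Present  = ($null -ne $task) }

    # Auto-run value in the per-user and machine-wide Run keys.
    foreach ($key in $RunKeyPaths) {
        $val = Get-ItemProperty -Path $key -Name $Artifacts.RunValue -ErrorAction SilentlyContinue
        [pscustomobject]@{ Artifact = 'RunValue'; Location = "$key\$($Artifacts.RunValue)"
                           Present  = ($null -ne $val) }
    }

    # The file the three entries pointed to.
    [pscustomobject]@{ Artifact = 'SampleFile'; Location = $Artifacts.SamplePath
                       Present  = (Test-Path -LiteralPath $Artifacts.SamplePath) }
}

$report = Get-LeftoverReport -Artifacts $Expected -RunKeyPaths $RunKeys
$report | Format-Table -AutoSize

# Same pass/fail rule as the review: anything left behind is a failure.
$left = @($report | Where-Object { $_.Present })
if ($left.Count -eq 0) { 'PASS: all test artifacts removed' }
else { "FAIL: $($left.Count) artifact(s) still present" }
```

Run it from an elevated PowerShell session inside the test VM after the scan completes, so the machine-wide Run key and all task folders are readable.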