Today we released the Update EU2 for all Avira AntiVir 9 products. The developers fixed a bunch of small bugs which some users occasionally ran into. The update is being distributed via automatic update function, so there is no need for users to do anything.

To name a few of the bugs fixed: Our developers further improved the IMAP support of the MailGuard. For example, in rare circumstances an application error in Thunderbird occurred when using 1&1 IMAP accounts.

Some issues with the firewall of Avira Premium Security Suite have been solved as well. These mostly are of cosmetic nature like firewall dialogs did not fit on the 800×480 pixels display of the EeePC. Some trusted publishers weren’t always properly detected in applications, resulting in more firewall prompts for user action. For the server versions the update corrects some errors, too.

Additionally we’re planning to release more international versions of AntiVir 9 tomorrow. We’re going to publish the software versions Avira AntiVir Premium, Avira Premium Security Suite and Avira AntiVir Professional in Italian, Spanish, French and Russian. The free Avira AntiVir Personal will be available in Italian and French then as well!

Dirk Knop
Technical Editor

As you may have heard, we released version 9 of Avira AntiVir last week. From our update servers we can tell that up to yesterday more than half of Avira AntiVir Premium users as well as those using Avira AntiVir Personal have upgraded to the new version. Looking at the support statistics, the new version runs very well and smoothly.

But questions arose due to a new feature which many people seem to activate (which is good, by the way.). It scans the system files and checks their integrity by verifiying their digital signature. If someone or something like malware tampered with those system files, it will invalidate the digital signature and cause Avira to warn about this.

A digital signature is a checksum of the file which is stored together with a digital certificate of the producer of the software. If the file gets changed, the checksum changes as well and the digital signature isn’t valid anymore. By checking the certificate it can be validated that the producer is the “real” one.

This leads to some confusion whether the systems of affected users are in fact infected or not. This is hard to tell on end-user-systems. There are patches available which lift the connection limit of half open TCP/IP connections in Windows XP and newer versions by directly modifying the responsible DLL. Other programs tamper with the system files for adding themes to windows (NB: you don’t need to change executable system files for applying themes to windows, better stay away from such software).

So the computer isn’t necessarily infected when Avira warns about invalid signatures in system files. In companies you may want to take such systems offline and analyse them anyways. Computer users should be aware that they can’t really trust their system anymore once these signatures are invalidated, as malware may modify those binaries as well – and now the user can’t see that this happened as the signature was invalid already before.

Dirk Knop
Technical Editor

The Professional Edition of AntiVir 9 will introduce a new feature which we have called Configuration Profiles. The idea behind this feature is to better support mobile users. Probably you have faced the problem yourself when running an enterprise antivirus: as long as you are located in the company the product should update from a server in the Intranet and (in most cases) the security policy is very restrictive. However, when you are at home or somewhere at a customer or in the hotel, updates should take place from Avira servers and the security policy might be less restrictive: there’s no help desk available but you urgently need to install something etc.

The new Configuration Profiles now offer an effective and flexible way to configure AntiVir Professional according to these needs. The feature allows you to define up to 3 individual configuration sets called a Profile. A Profile includes all AntiVir options. For example you can define different update servers, activate or deactivate mail or web protection (e.g. in the company the user is protected by a gateway, at home or at the customers he’s not protected), etc. This allows an administrator to configure the system according to the individual situation.

Configuration Profiles can be switched automatically by the detected Gateway.

Each Profile (configuration) can be set active by an automatic rule. A rule can be:

• Use profile it the current default gateway or the default gateways MAC address matches
• Use profile if no other rule fits (default rule)
• Do not use a rule

If a rule is set accordingly AntiVir will automatically switch the configuration options in use depending on the current location of the notebook.

Configuration Profile can be also switched manually (not recommended as most users will ‘forget’ to do so):

Users can select the Configuration Profile manually, too.

Of course Configuration Profiles are also supported by the Avira Management Console for centralized management. The administrator can define the configuration sets and the rules but – obviously – he cannot switch between the Profiles.

We think that this is a somehow complex but useful feature in enterprise environments. Btw, if you do not want to deal with these profiles you can continue working the old way, of course.

Thomas Salomon
Manager Windows Software Development

We already mentioned some of the major improvements in Avira AntiVir 9. What we didn’t cover yet are some of the minor changes which make AntiVir easier to control and to use.

For example our developers overhauled the upload mechanism for suspicious executable files from the quarantine. Up to AntiVir 8, you were needed to enter your email address and your mailserver so the samples could be sent via email. Now you can send us such samples by a simple click – the new implementation uses a so called http upload.

Also, our programmers improved the “kill protection” for AntiVir processes. This prevents malware from forcefully stopping the AntiVir Guard. Furthermore the file protection got enhanced. The gamers among the Avira users will like the new automatic game mode which disables popups from the firewall when AntiVir detects a running game on the computer.

For the more and more popular netbook devices – tiny notebooks with reduced display size and resolution -, we now adopt the size of the AntiVir user interface. Therefor it is now possible to properly control AntiVir even on netbooks.

We also listened to the demands of AntiVir users who didn’t like that the scanner waited for user interaction when it detected malware. A new configuration option will allow to scan the selected paths or devices and show a summary of detected malware at the end. There it is possible to clean up the infections with a single click.

In the summary all these tiny improvements help making AntiVir 9 an even easier to use and more user friendly antivirus solution. You should give it a try when it will be released.

Dirk Knop
Technical Editor

The AntiVir 9 product family will introduce a new scanning mode for the integrated on-demand scanner which we called “Optimized Scan”. Optimized Scan is designed to improve on-demand scan performance on multi core systems. This scan mode must be explicitly enabled in the configuration and will especially use the capabilities of modern multi core CPUs (or systems with multiple single core processors). Note that this check box is available on multi core systems only:

A new feature for speeding up Avira AntiVir: Optimized Scan

The performance gain of course depends on your system resources (RAM, Hard disk and CPU frequency). A quick test on two systems each scanning the complete system and program files partition produced the following results:

In our opinion these are pretty good results. However, Optimized Scan has some drawbacks which we accepted to receive maximum throughput:

• Optimized scan works on multi core systems only
• Logging mode is reduced to “Normal”
• As the CPU cores are heavily loaded the user might notice his system reacting slower than normal

How it works? We can’t tell too much but I can tell you the following: Optimized Scan spawns an additional worker thread (only a single one, so we use only 2 cores right now) which takes over some tasks from the main core.

There’s still room for further improvement. Stay curious what’s coming up next…

Thomas Salomon
Manager Windows Software Development