Avira Scout and ABS – A match made in heaven – Updated Jan. 2017

Update January 2017

The ABS technology is still in Scout but we removed the button (spring cleaning the UI). So please don’t get confused if your “I installed ABS on Chrome” user interface looks different from Scout. The ABS feature can be controlled via the Autopilot button.

Original Post

When designing the Scout security framework we added our ABS (Avira Browser Safety) pretty early. Why? Well, its purpose was to block malicious URLs (URLs serving exploit kits that infect your computer with stuff like Ransomware fully automatically). Case closed.

Coming back to ABS after about one year later to create a feature list for some internal reasons, I am surprised: In addition to blocking malicious URLs, ABS now does even more to ensure your security. This is the list of security features ABS is contributing to Scout (as of April 2016):

PUA blocking

Potentially Unwanted Applications (also known as PUA or PUP for some other AV vendors): Downloading PUA installers will not only get you the program you wanted but also toolbars and other side loaded unwanted stuff. In addition to that they normally are very hard to remove. If we know a better source for a “clean” version of this download we direct you to it instead. This feature relies on our Avira URL Cloud (AUC).

Malicious URL blocking

Visiting a malicious page will make you an instant target for an exploit kit. The automated tools attached to those pages will find a matching exploit for vulnerabilities in your browser, hack it, and install malware (currently mostly ransomware). We block it, of course. This feature is based on AUC data.

Phishing URL blocking

Phishing pages looks like your online banking page and behave like it, too. And as soon as you log on, it transmits your username and password to its owner. We detect and block such pages, based on AUC data.

SPAM trap websites blocking

These pages collect your email address to send you SPAM. Without asking you for permission, of course. We detect such pages based on our AUC data.

MSE (Malicious Search Engines)

These search engines partner with malware: Sometimes if a malware is executing on your computer, those search engines are being set up as the start page and/or default search. The search engine and the malware author will now split any revenue generated. If ABS detects one of those pages, it will offer a simple “fix it” option and replace the search engine. AUC powered.

Set the DNT (Do not track) header

For your convenience ABS sets a DNT header which will ask tracker companies in a very polite way not to track the user. By the way: All browsers actually do have this option somewhere deep down and well hidden in their settings. Don’t bother searching for it. We just activated it when you installed ABS. 😉

Anti-Tracking

Many trackers do not respect our polite request not to track the users. So we go one step further and just kill them before they are loaded. This is based on our AUC data as well.

 

So yes, that’s what ABS can do for you. If you want to take it for a test ride, it can be downloaded  over here for most of the common browsers. It is also hard-wired into our Avira Scout. But that’s not all: Even more cool features are in the pipeline – so stay tuned!

Stay secure,
Thorsten Sick

This post is also available in: GermanFrenchItalian

I use science to protect people. My name is Thorsten Sick and I do research projects at Avira. My last project was the ITES project where I experimented with Sandboxes, Sensors and Virtual Machines. Currently I am one of the developers of the new Avira Browser