How to trick yourself
Monday, March 6, 2017
Only fools and charlatans know and understand everything.
Anton Chekhov
From time to time, you’ve probably read various recommendations on how to govern yourself on the Internet in order to protect your computer from infection if it is not protected by an anti-virus. The following argument is very convincing:
What reason could there be to install a bona fide anti-virus if you can use the VirusTotal service to pre-check any file before using it? There, several dozen anti-viruses check it simultaneously, not just one anti-virus! It’s safer, and it’s free, so always check your files there, and you won’t have any problems.
Well…
- First, it’s rather time-consuming to “feed” each file to the service manually.
- Second, usually users only check executable files. Such files can be “clean”; moreover, they can even have valid digital signatures that enable them to run without any problems even in the most recent versions of Windows. However, after launching, they can upload a DLL file which, in turn, will appear to be malicious.
- Third, VirusTotal uses real virus scanners, but it won’t tell you how the preventive protection of each anti-virus would respond to an attempt to execute a file. For example, the Dr.Web behavioural analyser is capable of detecting encryption ransomware after it’s been launched (even if the latter was not detected during scanning) and blocking its activity. But, if you just scan an executable file to check whether the scanner can detect it and then run it on your own computer which is not protected with a resident anti-virus, the result will be sad.
- Fourth, a small number of threats detected on VirusTotal in some particular file are often considered false positives—“That won’t happen to me!” thinks someone who’s seen only three anti-viruses of all those present detect a file as malicious. There are even special programs that check files in VirusTotal and detect them as being malicious only after a threat has been detected by ten or more scanners. However, in reality, not all anti-viruses can detect a new Trojan when it first appears in the wild. Sometimes it can take several months. In addition, only domestic anti-viruses immediately identify many of the threats targeting solely users from Russia and CIS countries—but will the fact that the Trojan, which has just infected your system, is not considered a threat in North America set you at ease?
The Anti-virus Times recommends
Don’t expect that a secret, free method of protecting your computer against malware will be more reliable than practice borne out by decades of resident anti-virus use.
Tell us what you think
To leave a comment, you need to log in under your Doctor Web site account. If you don't have an account yet, you can create one.
Comments
vasvet
10:39:15 2018-07-04
Неуёмный Обыватель
10:05:28 2017-03-06