Anti-virus fallacies

How to trick yourself

Monday, March 6, 2017

Only fools and charlatans know and understand everything.

Anton Chekhov

From time to time, you’ve probably read recommendations on how to behave on the Internet so that a computer without an anti-virus does not get infected. The following argument is very convincing:

What reason could there be to install a bona fide anti-virus if you can use the VirusTotal service to pre-check any file before using it? There, several dozen anti-viruses check it simultaneously, not just one anti-virus! It’s safer, and it’s free, so always check your files there, and you won’t have any problems.

Well…

  • First, it’s rather time-consuming to “feed” each file to the service manually.
  • Second, users usually check only executable files. Such files can be “clean”; moreover, they can even have valid digital signatures that let them run without any problems even in the most recent versions of Windows. However, once launched, they can load a DLL file which, in turn, turns out to be malicious.
  • Third, VirusTotal uses real virus scanners, but it won’t tell you how the preventive protection of each anti-virus would respond to an attempt to execute a file. For example, the Dr.Web behavioural analyser is capable of detecting encryption ransomware after it’s been launched (even if the latter was not detected during scanning) and blocking its activity. But if you just scan an executable file to check whether the scanner can detect it and then run it on your own computer, which is not protected by a resident anti-virus, the result will be sad.
  • Fourth, a small number of detections on VirusTotal for a particular file is often dismissed as a false positive. “That won’t happen to me!” thinks someone who has seen only three of all the anti-viruses present detect a file as malicious. There are even special programs that check files in VirusTotal and treat them as malicious only after a threat has been detected by ten or more scanners. However, in reality, not all anti-viruses can detect a new Trojan when it first appears in the wild. Sometimes it can take several months. In addition, only domestic anti-viruses immediately identify many of the threats that solely target users from Russia and CIS countries. Will the fact that the Trojan that has just infected your system is not considered a threat in North America set you at ease?
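
The fourth point can be made concrete with a short added example (not code from the original article or from VirusTotal): it replays a constructed scan history of one file through the "ten or more scanners" rule and through a rule that never turns a low count into "clean". The record fields, the detection counts and the 90-day freshness window are assumptions made for illustration, not a real API or real measurements.

```python
from datetime import datetime, timedelta, timezone

THRESHOLD = 10              # the "ten or more scanners" rule from the text
FRESH = timedelta(days=90)  # assumption: stand-in for "several months"
T0 = datetime(2017, 1, 1, tzinfo=timezone.utc)  # constructed first-seen date

def scan(day, detections):
    """Build one constructed scan record (hypothetical field names)."""
    return {"first_seen": T0, "scanned": T0 + timedelta(days=day),
            "detections": detections}

# Constructed history of ONE file that is malicious from day 0 onwards.
HISTORY = [scan(0, 0), scan(3, 3), scan(40, 7), scan(75, 24)]

def naive_verdict(s):
    """Threshold rule: anything below THRESHOLD is reported as clean."""
    return "malicious" if s["detections"] >= THRESHOLD else "clean"

def cautious_verdict(s):
    """Never convert a low or zero count into 'clean'."""
    if s["detections"] >= THRESHOLD:
        return "malicious"
    if s["detections"] > 0:
        return "suspicious"      # a few early detections are a signal
    if s["scanned"] - s["first_seen"] < FRESH:
        return "unknown"         # too new for zero hits to mean anything
    return "no-detections"       # still says nothing about runtime behaviour

def days_called_clean(history, verdict):
    """Days from the first scan until `verdict` stops answering 'clean'."""
    start = history[0]["scanned"]
    for s in history:
        if verdict(s) != "clean":
            return (s["scanned"] - start).days
    return None                  # the rule never stopped saying 'clean'

if __name__ == "__main__":
    for s in HISTORY:
        day = (s["scanned"] - T0).days
        print(f"day {day:3}: {s['detections']:2} detections  "
              f"naive={naive_verdict(s):9}  cautious={cautious_verdict(s)}")
    print("naive rule said 'clean' for",
          days_called_clean(HISTORY, naive_verdict), "days")
```

Even the cautious rule only grades scanner output; as the third point says, it gives no information about how the file behaves once it is launched.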
#anti_virus #myth

The Anti-virus Times recommends

Don’t expect that a secret, free method of protecting your computer against malware will be more reliable than practice borne out by decades of resident anti-virus use.
