Other issues in this category (44)
About ghost anti-viruses
When I was looking for an anti-virus for my computer, many sites referred me to Dr.Web Security Space Pro. So I decided that, perhaps, it was a good anti-virus. I downloaded and installed it, but it turned out that the anti-virus file itself contained a virus. And, as a result, my computer was not only left unprotected from viruses, but was also infected with them, so I had to reinstall Windows and install another anti-virus. I haven't used Dr.Web Security Space Pro since and wouldn't recommend it to anyone; it’s a very bad and unreliable anti-virus.
"Due to discovered vulnerabilities, download and install…" - you’ve probably read these words in publications about IT security quite often. But, should we really stop being paranoid and assume that a link on a certain site will allow us to download legitimate software (even if the publication is an exact copy of a news post from an official site)? And, we increasingly often hear of incidents involving criminals compromising legitimate sites and publishing news items that further their interests. And criminals can easily rename their file drweb-11.0-av-win.exe.
What should we do? Well, there is a solution! In our publications, we frequently mention the self-protection module. It guarantees the stable operation of the anti-virus whenever criminals attempt to terminate the anti-virus’s processes or alter them. Also note that all critical anti-virus components have a digital signature. The same is true about Dr.Web distribution files. To make sure that the file hasn't been tampered with, the signature is verified whenever an installation is started. The presence of a signature indicates that the file indeed has been created by Doctor Web. No one else can sign a file using the company's signature.
To check whether a downloaded file is digitally signed, do the following:
- Right-click on the downloaded distribution file, and in the drop-down menu select Properties.
Go to the Digital signatures tab.
Important! The absence of this pane indicates that the signature is corrupt or absent and, therefore, the file is either fake or has been damaged.
To view additional information, select the string containing "Doctor Web Ltd" and press Details.
What does sha256 for the property Digest algorithm mean?
sha256 is a cryptographic hash function that generates a unique 64-symbol string for each file. This function guarantees that a different string will be generated if a hash is calculated for another file. To date, nobody has been able to find a way to end up with two different files having identical or at least similar hashes.
Unlike sha1" and MD5, which we described in the issue "Recorded, controlled, secure", sha256 is currently recommended for use. Using this algorithm ensures that a file’s integrity will be reliably verified.
By the way, as you check signature information, you can also learn how relevant the distribution is (the “created date”). It's no secret that installers for outdated versions of applications can be found on many sites. #anti-virus #Dr.Web_settings #security #malware
Doctor Web is an anti-virus developer. It can't shut down sites that distribute Dr.Web software illegally. Neither can it track down all the sites that publish its news posts and verify the links they provide.
Those who are really concerned about the security of their system won't go looking for an anti-virus in a random location. Download an anti-virus (as well as any other software program) from the official site of its respective developer.
If people go looking for an anti-virus on a file-sharing site, the equivalent of a trash heap, what other result do they expect?