Your browser is obsolete!

The page may not load correctly.

The workshop


Other issues in this category (32)
  • add to favourites
    Add to Bookmarks

When armour stops a projectile

Read: 1043 Comments: 2 Rating: 9

Thursday, May 18, 2017

It is common knowledge that the battle between virus makers and anti-virus developers is, in a way, an arms race or, to be more precise, a technology race. For example, because the malware development process has been automated, virus makers can significantly increase their output of malicious programs. The mass media loves stories about targeted attacks, but they fail to mention that attacks involving specially crafted malicious files that remain undetected for months are quite rare compared with other types of attacks. Why waste time writing a high-quality malicious program if, in the event it fails, it will be detected within an hour or two once the anti-virus has gotten its next update?


Over 98% of malicious samples (hashes) have a "life expectancy" of 58 seconds or even less!

Sadly, at an information security conference in Novosibirsk, it was stated that companies only ask for their malware incidents to be investigated six months after the incidents actually occurred!


Infection discovery percentage, within 24 hours or less.

Why is that? It’s because companies don't want to spend that much on anti-virus security. They use obsolete anti-virus applications (some people believe they’re faster), free anti-viruses (those don't include advanced protection technologies), and simple anti-viruses (these only detect malware programs by their signatures).

Many people also believe that an anti-virus doesn't need anything except virus databases. Is that true? Verizon Data Breach Investigations Report 2016 indicates that most malware strains are encountered just once!

Anti-viruses that incorporate only virus databases simply don't have time to receive the updates that are necessary to neutralise brand new Trojans. That's why to protect a system from the latest threats, Dr.Web incorporates Preventive Protectionwhich enables it to detect malicious files that disappear before their signatures are received as part of the next update.

#Dr.Web_settings #Preventive_Protection

The Anti-virus Times recommends

  1. In Anti-virus Times issues we often remind users that timely updates are important. The number of malicious programs that appear every hour is huge. That's why the importance of anti-virus updates is hard to overestimate. To maintain effective protection, prompt updates aren't enough: an anti-virus should be able to detect threats nobody knows about yet. Here’s what Dr.Web needs Preventive Protection for.
  2. To put it briefly, it is one of the Dr.Web components whose default settings should remain unchanged—let it work the way its developers configured it for you. We strongly recommend that under no circumstances should you change the values for the options "Integrity of running applications" and "Integrity of user files". They must always be set to "Block".


    If you don't quite understand what a certain option does, consult Doctor Web technical support before you change its parameters.

  3. Please don't forget that the Dr.Web Preventive Protection settings are recorded in the Dr.Web log, and our support engineers take them into account when analysing any virus-related computer incident (VCI) you request assistance with. If you have configured Dr.Web in such a way that it missed detecting a malware sample, Doctor Web may decline your request to recover your files if they get compromised by encryption ransomware.

Rate this issue and receive Dr.Weblings! (1 vote = 1 Dr.Webling)

Sign in and get 10 Dr.Weblings for sharing the link to this issue via social media.


Unfortunately, due to Facebook's technical limitations, Dr.Weblings cannot be awarded. However, you can share this link with your friends for free.

Tell us what you think

Leave your comment on the day of publication and get 10 Dr.Weblings, or get 1 Dr.Webling for a comment posted any other day. Comments are published automatically and are reviewed by a moderator. Rules for leaving comments about Doctor Web news items.

To leave a comment, you need to log in under your Doctor Web site account. If you don't have an account yet, you can create one.