The Anti-virus Times

Monday, July 10, 2017

Can an anti-virus protect a system from vulnerabilities? That's a weird question, but sometimes people ask it. An anti-virus scans files and processes generated by executed files, and vulnerability scanners are used to detect loopholes. Thus, the two different products are performing different tasks, but there’s more to it than that.

Vulnerabilities can roughly be divided into two categories. The first category includes loopholes, which are known to developers who release security patches to close them, and the second includes unknown software flaws for which no security updates exist. Vulnerability scanners only recognise loopholes belonging to the first category, and if you've installed all the updates available for your system, it is protected from exploits that abuse known vulnerabilities (if you are a software developer yourself or if your machine runs a web server, the situation can be different, but as far as popular applications go, you’re safe).

However, unknown vulnerabilities do exist in your system, and you should get used to that fact because nobody (including the scanners and anti-viruses) knows about them.

But does this mean that nothing can be done?

Not at all because vulnerabilities come in all shapes and sizes. For example, the loopholes exploited by WannaCry merely enabled the malware to upload a file onto a targeted machine and launch it. But if an anti-virus file monitor is running on that computer, it will check that file, and, if it appears suspicious, it will prevent it from being launched. This happened to WannaCry on machines that were protected with Dr.Web. A file monitor doesn't care about vulnerabilities. It does its job regardless of any known or unknown loopholes being present or absent in a system.

You can theoretically find an exploit that will not only deploy malware in a system but shut down the anti-virus as well. But in real life things like that happen very rarely, and home PC users aren't likely to experience anything of this kind.

The situation when an exploit injects malicious code into running processes is more common. But Dr.Web’s anti-rootkit and anti-exploit modules will protect your system from these threats too.