
An anti-virus is the most common means of protection against malware, but it is far from the only means. Take, for example, vaccines (immunisers).

Vaccines appeared quite a while ago, virtually simultaneously with anti-viruses. Back then viruses, which are known to infect other files, were the most common pieces of malicious code. From a user's standpoint it’s entirely logical to think that before compromising a file, a virus should check whether it infected the file in the past.

If that’s true, one can determine the kind of data a virus will look for before infecting a file, append the data to the file, and voilà—no infection will occur! Note: this is achieved without using an anti-virus.

By the way!

Doctor Web has a polyphage program.

It’s primarily designed to neutralise polymorphic viruses which appeared in the computer world relatively recently. In general, Dr.Web scans disks and deletes detected viruses just like the Aidstest application. The same tasks aren’t performed twice because the programs work with different collections of viruses.

Dr.Web can effectively neutralise complex mutating viruses that can't be disarmed by Aidstest. Unlike Aidstest, Dr.Web can detect changes in its own code; it can detect files that have been infected with new unknown viruses, by extracting the contents of encrypted and compressed files and by seeing through a vaccine’s disguise. This is accomplished using a powerful heuristic analyser.

But this only goes smoothly on paper. Vaccines modify files and this gives rise to other insoluble problems.

  • There are a lot of viruses. Well, actually, that’s an understatement. THERE ARE TONS OF THEM. If the key properties of all the viruses were to be written into a file that requires protection, you would end up with a monster-sized piece of data. And, it would probably be unusable.

    Today vaccines have almost fallen out of use because in previous years, malfunctioning vaccines inflicted significant damage to user data.

  • Even if one could manage to put all vaccines into a file (and continuously add in newly discovered ones), imagine how big the virus signatures would make the executable files, both on the hard drives and in the memory. It was in "ancient times" that executable files numbered in the dozens. Now there are thousands of them.

  • Many people complain that their anti-virus utilizes CPU and memory resources. But imagine vaccine code being written into every single protected file after each update (e.g., once an hour). That would slow down your system alright!

  • Nowadays many files come with digital signatures that protect their integrity. Writing a vaccine into a file changes the file and it becomes unsigned. Among other things, this means that anti-viruses won't be able to rely on application signatures and will start scanning them—this will require additional hardware resources.

  • The only way to update an altered (in essence, corrupted) file is to overwrite it completely. And this, by the way, will require the vaccine to be appended to the file after each update, and that means the vaccine application has to monitor the protected files for changes. And this will require a file operation driver and a self-protection driver.

  • The creation of a vaccine requires considerably more skill on the part of virus analysts working in anti-virus laboratories. If, to create a malware signature, they merely need to find the virus's body, to come up with a vaccine, they will also have to understand how the virus operates and what kind of data it looks for when it examines files.
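The digital-signature and update items above can be seen in a small integrity audit. This is an added example, not Doctor Web's code: a stored SHA-256 baseline stands in for a signature check, and the file names, file contents and `VACCINE_MARKER` are constructed for illustration.

```python
from __future__ import annotations
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class Baseline:
    """Known-good record taken before any tool touched the file."""
    size: int
    sha256: str

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def make_baseline(data: bytes) -> Baseline:
    return Baseline(size=len(data), sha256=sha256_hex(data))

def classify(current: bytes, base: Baseline) -> tuple[str, int]:
    """Return (verdict, trailer_len) for a file compared with its baseline.

    intact        - byte-for-byte identical, the integrity check passes
    appended-only - original bytes untouched, extra bytes added at the end
    modified      - original bytes changed, or the file was truncated
    """
    if len(current) == base.size and sha256_hex(current) == base.sha256:
        return ("intact", 0)
    # A vaccinated file fails the full-file check, but its leading bytes
    # still hash to the baseline value: only a trailer was added.
    if len(current) > base.size and sha256_hex(current[:base.size]) == base.sha256:
        return ("appended-only", len(current) - base.size)
    return ("modified", 0)

def audit(files: dict[str, bytes], baselines: dict[str, Baseline]) -> dict[str, tuple[str, int]]:
    return {name: classify(data, baselines[name]) for name, data in files.items()}

# Constructed sample data: three stand-in "executables" and a hypothetical marker.
ORIGINALS = {n: b"MZ" + b"\x90" * 64 + n.encode() for n in ("calc.exe", "edit.exe", "view.exe")}
VACCINE_MARKER = b"DEMO-VACCINE-MARKER"  # 19 bytes, not a real vaccine format

def demo() -> dict[str, tuple[str, int]]:
    baselines = {n: make_baseline(d) for n, d in ORIGINALS.items()}
    current = dict(ORIGINALS)
    current["edit.exe"] += VACCINE_MARKER                              # vaccinated copy
    current["view.exe"] = b"MZ" + b"\xcc" + ORIGINALS["view.exe"][3:]  # changed in place
    return audit(current, baselines)

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(name, verdict)
```

The vaccinated file no longer matches its known-good record, so a scanner that trusted that record has to fall back to a full scan, and every update that restores the original bytes removes the trailer again.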

And here’s the last nail in the coffin: who says viruses always inspect the files they target? If they’re aware of a vaccination, they can start infecting files indiscriminately.

And that’s just the tip of the iceberg—it’s quite possible that using a vaccine could unleash many other problems.

There are vaccines against Trojans too. But those are specific files or markers in various system areas. Their drawbacks are similar to the problems we've described above.

On June 27, security researcher Amit Serper tweeted that there was a guaranteed way to make sure that Petya never encrypts files. Instructions on how to accomplish this were published on many sites on the Web. Doctor Web refutes this statement.

According to the publications, to prevent Trojan.Encoder.12544 from performing its tasks, users need to create the perfc file in C:\Windows. Some articles even offer to run a script for users that will perform this task for them:

Doctor Web claims that taking those security measures against Trojan.Encoder.12544, also known as Petya, Petya.A, ExPetya and WannaCry-2, is ineffective for the following reasons:

  1. The name of the file Trojan.Encoder.12544 uses to make sure it is not launched for a second time depends on the original Trojan filename. Should the attackers change the malware's filename, having perfc in C:\Windows won't save a computer from infection.
  2. And the Trojan will only look for perfc if it has sufficient system privileges.

That is, even if a vaccine is present, the Trojan will be launched anyway!


The Anti-virus Times recommends

When known viruses numbered in the dozens, vaccines could protect computers from them. But you have to admit that their time has passed. Don't entrust your system's security to ingenious solutions from the past.
