Anti-virus fallacies


Watch out for fake anti-viruses


Tuesday, February 6, 2018

"Nothing can ever miraculously be created out of nothing"

Lucretius: On the Nature of Things, 1, 251

It takes years, or even decades, for an anti-virus laboratory to mature. People who possess the skills required to become competent virus analysts are hard to find, and there is no way to set up an effective laboratory quickly, from scratch, and without considerable investment. And yet anti-virus companies, IT security enthusiasts and sometimes the virus makers themselves upload malware samples to virustotal.com! So the question arises: would it not be more expedient to use the fruits of someone else's labour rather than commit resources to one's own research, and to rely on virus signatures provided by another company? Why not license another vendor's anti-virus engine and/or virus databases and use them in your own product?

Indeed, some information security solutions are created this way. They are cheaper, easier to design and maintain, and sometimes appear faster or lighter, but they are also far less effective. Of course, products of this kind are able to find a niche in the market: many people don't take information security seriously and choose to economise by limiting themselves to a basic set of features. But in that case no one should expect adequate system protection. When an outbreak such as the WannaCry attack occurs, every minute counts, and only a company with an in-house virus laboratory can respond to the threat promptly. Furthermore, virus analysts who examine malware samples every day also improve the preventive protection routines that thwart unknown programs whose signatures are not yet in the databases. WannaCry managed to infect over 200,000 computers across the world but, from the outbreak's outset, was blocked by the Dr.Web heuristic analyser. Products whose design does not derive from the developer's own research do not understand the inner workings of the newest threats and cannot neutralise them effectively.

Even a first-year university student can craft a pseudo anti-virus out of someone else's labour. Here is an example: a Doctor Web security researcher got curious about how an "anti-virus" for Android was developed so promptly in a neighbouring country after Russian anti-virus software was prohibited there under the sanctions. Subsequent research showed that the product could only calculate the checksums of files and compare them against a list of hashes that had presumably been acquired from VirusTotal. It performed no other security functions whatsoever. A whole-file hash matches only a file that has already been catalogued byte for byte; a recompiled, repacked or merely padded variant of the same malware produces a different hash and slips straight past such a "scanner".
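The following is an added illustration, not code from the original article or from Doctor Web's products, of why the checksum-only approach described above fails against any modified sample. It uses a constructed, harmless byte string in place of a real malware file, a one-entry hash blocklist of the kind such a product would ship, and a hypothetical byte-pattern rule standing in for the family-level signature a real laboratory derives from analysis. Appending a single byte is enough to defeat the hash lookup while the pattern rule still fires:

```python
import hashlib

# Constructed stand-in for a file that has already been catalogued.
# This is harmless text, not real malware.
KNOWN_SAMPLE = b"MZ\x90\x00 constructed-sample: stands in for a known-bad file\n"


def sha256_hex(data: bytes) -> str:
    """Whole-file SHA-256, the only thing a checksum-only 'anti-virus' computes."""
    return hashlib.sha256(data).hexdigest()


# Hash blocklist as a checksum-only product would ship it: hashes of files
# somebody else has already seen, and nothing more.
HASH_BLOCKLIST = {sha256_hex(KNOWN_SAMPLE)}

# Hypothetical byte-pattern rule (constructed for this example) standing in for
# a signature derived from analysing the family rather than one file.
PATTERN_RULES = [b"constructed-sample"]


def hash_only_verdict(data: bytes) -> bool:
    """Checksum-only scanner: hash the file, look it up, done."""
    return sha256_hex(data) in HASH_BLOCKLIST


def pattern_verdict(data: bytes) -> bool:
    """Content-based rule: match a byte sequence anywhere in the file."""
    return any(pattern in data for pattern in PATTERN_RULES)


def repack(data: bytes) -> bytes:
    """Minimal 'variant': the same file with one trailing byte appended.
    Real attackers recompile or repack, but one byte already changes the hash."""
    return data + b"\x00"


def compare(data: bytes) -> dict:
    """Return both verdicts for a file so the two approaches can be compared."""
    return {"hash": hash_only_verdict(data), "pattern": pattern_verdict(data)}


if __name__ == "__main__":
    print("original :", compare(KNOWN_SAMPLE))
    print("repacked :", compare(repack(KNOWN_SAMPLE)))
```

The original sample is flagged by both checks; the repacked copy is flagged only by the pattern rule, because its SHA-256 is no longer in the blocklist. Real heuristic and behavioural analysis is far more involved than a byte pattern, but the dependency is the same: a detection that survives modification has to come from understanding the threat, not from copying someone else's hash list.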

#anti-virus #security #Android

The Anti-virus Times recommends

  • If a security solution does not incorporate an in-house engine or virus database but borrows them from someone else, think twice. Even if, for example, its scanner appears faster than the corresponding component of the company whose databases it uses, its inability to neutralise brand-new threats means it is unlikely to maintain sufficient security.
  • If it uses no databases at all, it disregards security routines that have been in use for decades and that were at one time the most important, and only, means of system protection. Security of this kind can hardly be called reliable, yet some companies advertise such products as anti-viruses.

Beware of counterfeit products!
