Your browser is obsolete!

The page may not load correctly.

Anti-virus fallacies

Антивирусная неправда

Other issues in this category (34)
  • add to favourites
    Add to Bookmarks

Hey, I know these guys!

Read: 727 Comments: 3 Rating: 8

This sensational news report caught our attention recently:

Companies are rushing to purchase next-generation anti-virus solutions as well as software capable of detecting attacks involving bodiless malware. However, some of these companies may lack the expertise to use the tools they’ve acquired.

http://safe.cnews.ru/news/top/2018-07-18...

With over a quarter of a century of anti-virus-software-development experience under our belts, our curiosity was piqued: what are these next-generation solutions and tools capable of detecting cyberattacks involving bodiless malware? Perhaps, we got stuck in the previous century and have some catching up to do?

In any case, let us mind you that a bodiless malicious program is not some unearthly, ethereal being that leaves no traces behind in infected systems. No, it's just an ordinary Trojan, but it doesn't store its payload in a file, but in a branch of the registry (which, in fact is also a file), or it extracts its malicious code from another file before it is executed.

The malware creates several registry entries: one of them contains its encrypted body, while the other is a script that decrypts it and loads it into the memory. The names of these entries contain special characters that prevent the registry editor from displaying them.

#drweb

https://news.drweb.com/show/?i=10003&lng=en

Naturally, the more evasion techniques malware uses, the harder it becomes to detect it. But none of those techniques can make malware impossible to detect.

Despite the fact that Trojan.Kovter tries to operate secretly on an infected machine, scanning the computer with Dr.Web rids systems of this infection.

But let's get back to the news post. Here is the original article. Let's compare the texts:

The source:

Additionally, 49% have malware-less attack detection, but 38% have not implemented the capabilities.

So we are not talking about bodiless malware but about attacks that involve no malware whatsoever. So this is how hot news topics emerge and security researchers begin to talk about new trends.

Well, then what about the next-generation anti-virus solutions?

Enhanced analysis and automation. Next-generation products will not only use machine learning but also be able to detect abnormal behaviour patterns.

"Abnormal behaviour patterns”? We've already heard about this one!

#anti-virus #technologies

Dr.Web recommends

As far as next-generation anti-virus solutions are concerned:

#drweb

If you look through the features list, you will realise that application and Internet access control, as well as behaviour monitoring, are already available in modern anti-viruses.

I think that we already mentioned that "anti-virus killers" appear quite regularly, but eventually the technologies they use become part of the anti-viruses they are supposed to supersede. A similar thing may happen to popular event-monitoring and analysis projects like SIEM, EDR, and others. In any case, some people have already started referring to these systems as anti-virus solutions.

Rate this issue and receive Dr.Weblings! (1 vote = 1 Dr.Webling)

Sign in and get 10 Dr.Weblings for sharing the link to this issue via social media.

[Twitter]

Unfortunately, due to Facebook's technical limitations, Dr.Weblings cannot be awarded. However, you can share this link with your friends for free.

Tell us what you think

Leave your comment on the day of publication and get 10 Dr.Weblings, or get 1 Dr.Webling for a comment posted any other day. Comments are published automatically and are reviewed by a moderator. Rules for leaving comments about Doctor Web news items.

To leave a comment, you need to log in under your Doctor Web site account. If you don't have an account yet, you can create one.

Comments