Your browser is obsolete!

The page may not load correctly.

Anti-virus fallacies

Антивирусная неправда

Other issues in this category (39)
  • add to favourites
    Add to Bookmarks

A little secret

Read: 6872 Comments: 3 Rating: 10

Tuesday, September 11, 2018

Anti-virus companies are known to license their anti-virus engines so that other developers can use their technologies. Companies that become entitled to use someone else's engine sell their products over their own channels and hope that the core technologies they’ve purchased will help maintain sufficient security.

Let's take Bitdefender as an example. The company licenses its anti-virus engine to many other developers. Its customers include Emsisoft, eScan, F-Secure and Lavasoft. And this is where things get weird. Let's pick at random any test that compares how well anti-viruses detect malware:

#drweb

How strange! F-Secure leases its engine from Bitdefender but performs better than Bitdefender itself does. Meanwhile, Emisoft falls behind the majority of test participants. But they use the same engine!

Actually (and we’ve mentioned it before) an engine is not the most important part of an anti-virus. It only deals with files that have already been selected for examination (or sometimes it can receive a piece of code instead of a complete file). Other modules are responsible for discovering something malicious in a system.

#drweb

So many modules! And most of them intercept and analyse some data. Without these components an anti-virus is deaf and blind. But what will happen if someone just buys a good engine and uses their own solution to feed data to the engine?

#anti_virus #tests_of_antiviruses

The Anti-virus Times recommends

Of course, the engine (and the virus databases it uses) is an important part of an anti-virus. It enables the anti-virus to transmit a detected file or a piece of code to the virus databases. However, no anti-virus engine on its own can find a file or code in a system or an application—these things must be delivered to the anti-virus by other modules that actually look for data that for one reason or another needs to be scanned. And if these modules aren't good at that, no virus databases will make the solution effective.

A little secret: these modules are created by the very companies that pay to access someone else's virus databases. And if a company has no work experience under its belt and, thus, no expertise, the upshot is quite predictable. And the discrepancies on the graph attest to that.

[Twitter]

Tell us what you think

To leave a comment, you need to log in under your Doctor Web site account. If you don't have an account yet, you can create one.

Comments

Comments to other issues | My comments