Other issues in this category (32)
Is it a virus or a bug?
Wednesday, December 16, 2020
It will learn about them sooner or later, but not right away.
From the issue "About perishability"
There is no such anti-virus that can detect all viruses. Some people think that anti-viruses neutralise all malicious programs as soon as they try to get into a computer — this is a dangerous misconception.
All anti-viruses "catch" a malicious program by relying on rules that describe that particular malware sample, or a particular group of similar malware programs. No detection rules — no detection process. When a cybercriminal comes up with a new virus, detecting it and adding it into the virus databases takes time. What is time required for? It is required for:
- the virus sample to be detected and delivered to a virus analyst;
- the virus analyst to analyse the virus and create a detection rule for it;
- the virus detection rule to be tested for correct detection (to avoid false positives);
- the anti-virus update to be released and installed by the user.
Users often ask us whether we know of this or that program. The answer is usually "yes, we do" (although there are cases when researchers describe exotic samples that do not occur in a "live" environment and therefore do not have a chance of being analysed by virus analysts — except by those who’ve described them). In addition, each anti-virus company gives their own names to malware programs, and in general, we cannot immediately say the name under which Dr.Web recognises it. We need to obtain this sample to give an exact answer .
It can also happen that another anti-virus detects a file as malicious. And we claim that it is not malicious. Here is a recent example:
Request made by a state corporation 17.09.2020:
The Kaspersky Lab anti-virus detects files in the archive as malicious.
And the Dr.Web Anti-virus detects them as "clean".
Please check the file data in the archive more accurately.
The response from Doctor Web’s support service:
Your request has been reviewed. The files sent by you do not pose any threat to the system.
But let's get back to the topic of the issue. There is always a period of time between when a new malware program appears and the anti-virus update containing information about it is released. And this is just one of the reasons why all anti-viruses sometimes miss malware.
What helps avoid system infections when an anti-virus is in use?
- Using a paid anti-virus because free ones have a limited set of components
- Regular, on the anti-virus's demand, updating of the virus databases.
- Using only the current version of an anti-virus.
- Using an anti-virus that includes an anti-spam and HTTP monitor.
- Strictly adhering to URL-filter instructions: if it is not recommended that you visit a particular site — never visit it.
- Do not work on your PC under an administrator account.
- Regularly back up important files.
The Anti-virus Times recommends
If you doubt whether it is a virus or a bug — ask us. We can definitely clear up the situation.