Your browser is obsolete!

The page may not load correctly.

The workshop

Кухня

Other issues in this category (32)
  • add to favourites
    Add to Bookmarks

Is it a virus or a bug?

Read: 412 Comments: 8 Rating: 9

Wednesday, December 16, 2020

It will learn about them sooner or later, but not right away.

From the issue "About perishability"

There is no such anti-virus that can detect all viruses. Some people think that anti-viruses neutralise all malicious programs as soon as they try to get into a computer — this is a dangerous misconception.

All anti-viruses "catch" a malicious program by relying on rules that describe that particular malware sample, or a particular group of similar malware programs. No detection rules — no detection process. When a cybercriminal comes up with a new virus, detecting it and adding it into the virus databases takes time. What is time required for? It is required for:

  • the virus sample to be detected and delivered to a virus analyst;
  • the virus analyst to analyse the virus and create a detection rule for it;
  • the virus detection rule to be tested for correct detection (to avoid false positives);
  • the anti-virus update to be released and installed by the user.

Users often ask us whether we know of this or that program. The answer is usually "yes, we do" (although there are cases when researchers describe exotic samples that do not occur in a "live" environment and therefore do not have a chance of being analysed by virus analysts — except by those who’ve described them). In addition, each anti-virus company gives their own names to malware programs, and in general, we cannot immediately say the name under which Dr.Web recognises it. We need to obtain this sample to give an exact answer .

It can also happen that another anti-virus detects a file as malicious. And we claim that it is not malicious. Here is a recent example:

Request made by a state corporation 17.09.2020:

Hello,

The Kaspersky Lab anti-virus detects files in the archive as malicious.

And the Dr.Web Anti-virus detects them as "clean".

Please check the file data in the archive more accurately.


The response from Doctor Web’s support service:

Your request has been reviewed. The files sent by you do not pose any threat to the system.

But let's get back to the topic of the issue. There is always a period of time between when a new malware program appears and the anti-virus update containing information about it is released. And this is just one of the reasons why all anti-viruses sometimes miss malware.

What helps avoid system infections when an anti-virus is in use?

  • Using a paid anti-virus because free ones have a limited set of components
  • Regular, on the anti-virus's demand, updating of the virus databases.
  • Using only the current version of an anti-virus.
  • Using an anti-virus that includes an anti-spam and HTTP monitor.
  • Strictly adhering to URL-filter instructions: if it is not recommended that you visit a particular site — never visit it.
  • Do not work on your PC under an administrator account.
  • Regularly back up important files.

#anti-virus #anti_virus_false_positive #myth #anti_virus_updates #technologies

The Anti-virus Times recommends

If you doubt whether it is a virus or a bug — ask us. We can definitely clear up the situation.

Rate this issue and receive Dr.Weblings! (1 vote = 1 Dr.Webling)

Sign in and get 10 Dr.Weblings for sharing the link to this issue via social media.

[Twitter]

Unfortunately, due to Facebook's technical limitations, Dr.Weblings cannot be awarded. However, you can share this link with your friends for free.

Tell us what you think

Leave your comment on the day of publication and get 10 Dr.Weblings, or get 1 Dr.Webling for a comment posted any other day. Comments are published automatically and are reviewed by a moderator. Rules for leaving comments about Doctor Web news items.

To leave a comment, you need to log in under your Doctor Web site account. If you don't have an account yet, you can create one.

Comments