Windows 7: Need to scanning folders/drives when anti-virus is smart

08 Oct 2013   #21
LMiller7

Windows 7 Pro 64 bit
 
 

Modern malware has become very sophisticated. The days when malware was primarily produced by the basement hacker are gone. Today's malware creator is well educated, well equipped, well organized, and well funded. Some governments are funding malware production as a form of terrorism.

In order to fulfill its mission malware must evade detection. Today's malware author is well aware of how AV software works and has used this knowledge to develop methods of evading detection. One method is to create an army of malware. While each malware soldier is essentially the same infection they are modified so as to have a different signature and look different to AV software. AV software has methods of overcoming this but they are not 100% effective.

Modern AV scanning is smart, but not smart enough to detect all forms of malware. Good security always incorporates multiple layers of protection. Any one layer can be evaded but having multiple layers makes this much more difficult.

When doing a file scan the AV product must scan each infectable file because it has no way of knowing which ones might be accessed, or which ones may have been infected since the last scan. Checking the dates of file creation and modification is useless as malware is fully capable of infecting a file while preserving the original date stamps.


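The timestamp point in post #21 above, as an added example that is not part of the original thread: a "changed since last scan" check based on modification time misses a file whose contents were rewritten and whose timestamps were then put back, while a content hash recorded at the last scan catches it. The file name and contents are constructed, and the sketch covers modification time only.

```python
import hashlib
import os
import tempfile


def snapshot(path):
    """Record what a scanner could remember about a file from its last pass."""
    st = os.stat(path)
    with open(path, "rb") as f:
        digest = hashlib.sha256(f.read()).hexdigest()
    return {"size": st.st_size, "mtime_ns": st.st_mtime_ns, "sha256": digest}


def changed_by_timestamp(path, baseline):
    """The shortcut: treat a file as unchanged if its mtime is unchanged."""
    return os.stat(path).st_mtime_ns != baseline["mtime_ns"]


def changed_by_content(path, baseline):
    """Re-read the file and compare against the recorded hash."""
    return snapshot(path)["sha256"] != baseline["sha256"]


def demo():
    """Return (timestamp check result, content check result) for a tampered file."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "sample.bin")  # constructed sample file
        with open(path, "wb") as f:
            f.write(b"constructed original contents\n")
        baseline = snapshot(path)
        st = os.stat(path)

        # Simulate the case from the post: same-size contents are written,
        # then the original access/modification times are restored.
        with open(path, "wb") as f:
            f.write(b"constructed modified contents\n")
        os.utime(path, ns=(st.st_atime_ns, st.st_mtime_ns))

        return changed_by_timestamp(path, baseline), changed_by_content(path, baseline)


if __name__ == "__main__":
    by_time, by_hash = demo()
    print(f"timestamp check flags change: {by_time}")
    print(f"content hash flags change:    {by_hash}")
```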
08 Oct 2013   #22
Kurdishboy

 
 

Thank you. Good info.
08 Oct 2013   #23
ICIT2LOL

Desk1 7 Home Prem / Desk2 10 Pro / Main lap Asus ROG 10 Pro 2 laptop Toshiba 7 Pro Asus P2520 7 & 10
 
 

Quote: Originally Posted by LMiller7
Modern malware has become very sophisticated. The days when malware was primarily produced by the basement hacker are gone. Today's malware creator is well educated, well equipped, well organized, and well funded. Some governments are funding malware production as a form of terrorism.

In order to fulfill its mission malware must evade detection. Today's malware author is well aware of how AV software works and has used this knowledge to develop methods of evading detection. One method is to create an army of malware. While each malware soldier is essentially the same infection they are modified so as to have a different signature and look different to AV software. AV software has methods of overcoming this but they are not 100% effective.

Modern AV scanning is smart, but not smart enough to detect all forms of malware. Good security always incorporates multiple layers of protection. Any one layer can be evaded but having multiple layers makes this much more difficult.

When doing a file scan the AV product must scan each infectable file because it has no way of knowing which ones might be accessed, or which ones may have been infected since the last scan. Checking the dates of file creation and modification is useless as malware is fully capable of infecting a file while preserving the original date stamps.

Well along with my post LM I can see we are on the same page mate. I was just thinking this morning it is a bit like going into a library and picking up a red covered book called How to make cake, and you open it up to find it is full of nude pics. So you make a note of that and bypass it. Now you may move on and see another book coloured blue and it is How to make cake by the same author and open it up and it is full of nursery rhymes so you make a mental note and avoid that book. My point is that you gradually build up a list of books that you want to avoid.

Now the books are outwardly ok but the malware the contents are the guts of it and offends you and you recognizing it (the book) the next time you see it (the heuristics), and your memory of that book is the definition base.
Now as you rightly point out new "books" are written every day and until someone opens them it will never be known if they are bad or not if found bad then added to the database of malware. So it really does depend a lot on how good your heuristics are because it is just like having a look at every book that is titled How to cook cake and if it looks familiar then the system should then go through the book to see what is good or bad. Now again as you say some "books" can be very cleverly disguised and may slip through.
My concern at the moment is not so much that the threat is coming from software based malware more that it is now being discussed re malware being put into hardware devices such as BIOS chips RAM sticks etc etc by the doping processes that are used to manufacture transistors for example.