#21
Modern malware has become very sophisticated. The days when malware was primarily produced by the basement hacker are gone. Today's malware creator is well educated, well equipped, well organized, and well funded. Some governments are funding malware production as a form of terrorism.
In order to fulfill its mission, malware must evade detection. Today's malware author is well aware of how AV software works and has used this knowledge to develop methods of evading detection. One method is to create an army of malware. While each malware soldier is essentially the same infection, they are modified so as to have a different signature and look different to AV software. AV software has methods of overcoming this, but they are not 100% effective.
Modern AV scanning is smart, but not smart enough to detect all forms of malware. Good security always incorporates multiple layers of protection. Any one layer can be evaded, but having multiple layers makes this much more difficult.
When doing a file scan, the AV product must scan each infectable file because it has no way of knowing which ones might be accessed, or which ones may have been infected since the last scan. Checking the dates of file creation and modification is useless, as malware is fully capable of infecting a file while preserving the original date stamps.
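The point about date stamps in the post above, as an added example that is not part of the original post: a scanner that skips files whose size and modification time match its baseline misses a same-size content change whose timestamps were restored, while a content hash does not. The helper names (`snapshot`, `changed_by_metadata`, `changed_by_content`) and the sample file are constructed for illustration.

```python
import hashlib
import os
import tempfile


def snapshot(path):
    """Record modification time, size and SHA-256 of a file (hypothetical baseline format)."""
    st = os.stat(path)
    with open(path, "rb") as fh:
        digest = hashlib.sha256(fh.read()).hexdigest()
    return {"mtime_ns": st.st_mtime_ns, "size": st.st_size, "sha256": digest}


def changed_by_metadata(baseline, current):
    """The shortcut the post warns against: trust size and mtime alone."""
    return (baseline["mtime_ns"], baseline["size"]) != (current["mtime_ns"], current["size"])


def changed_by_content(baseline, current):
    """Compare what the file actually contains."""
    return baseline["sha256"] != current["sha256"]


def demo():
    """Return (metadata_says_changed, content_says_changed) for a constructed file."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "sample.bin")
        with open(path, "wb") as fh:
            fh.write(b"A" * 64)  # constructed sample content
        baseline = snapshot(path)
        st = os.stat(path)

        # Simulate a same-size content change after which the original
        # access and modification times are put back.
        with open(path, "r+b") as fh:
            fh.write(b"B" * 8)
        os.utime(path, ns=(st.st_atime_ns, st.st_mtime_ns))

        current = snapshot(path)
        return (changed_by_metadata(baseline, current),
                changed_by_content(baseline, current))


if __name__ == "__main__":
    meta, content = demo()
    print(f"metadata check flags change: {meta}")
    print(f"content hash flags change:   {content}")
```

The hash comparison only helps if the baseline itself is stored where the monitored system cannot rewrite it.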