Need to scanning folders/drives when anti-virus is smart

Modern malware has become very sophisticated. The days when malware was primarily produced by the basement hacker are gone. Todays malware creator is well educated, well equipped, well organized, and well funded. Some governments are funding malware production as a form of terrorism.

In order to fulfill it's mission malware must evade detection. Todays malware author is well aware of how AV software works and has used this knowledge to develop methods of evading detection. One method is to create an army of malware. While each malware soldier is essentially the same infection they are modified so as to have a different signature and look different to AV software. AV software has methods of overcoming this but they are not 100% effective.

Modern AV scanning is smart, but not smart enough to detect all forms of malware. Good security always incorporates multiple layers of protection. Any one layer can be evaded but having multiple layers make this much more difficult.

When doing a file scan the AV product must scan each infectable file because it has no way of knowing which ones might be accessed, or which ones may have been infected since the last scan. Checking the dates of file creation and modification is useless as malware is fully capable of infecting a file while preserving the original date stamps.
 

My Computer My Computer

At a glance

Windows 7 Pro 64 bitXeon W35208 GBNvidia Geforce 210
Computer type
PC/Desktop
Computer Manufacturer/Model Number
HP
OS
Windows 7 Pro 64 bit
CPU
Xeon W3520
Memory
8 GB
Graphics Card(s)
Nvidia Geforce 210
Thank you. Good info.
 

My Computer My Computer

At a glance

Windows 74GB
Computer type
PC/Desktop
OS
Windows 7
Memory
4GB
Internet Speed
1 mbps
Modern malware has become very sophisticated. The days when malware was primarily produced by the basement hacker are gone. Todays malware creator is well educated, well equipped, well organized, and well funded. Some governments are funding malware production as a form of terrorism.

In order to fulfill it's mission malware must evade detection. Todays malware author is well aware of how AV software works and has used this knowledge to develop methods of evading detection. One method is to create an army of malware. While each malware soldier is essentially the same infection they are modified so as to have a different signature and look different to AV software. AV software has methods of overcoming this but they are not 100% effective.

Modern AV scanning is smart, but not smart enough to detect all forms of malware. Good security always incorporates multiple layers of protection. Any one layer can be evaded but having multiple layers make this much more difficult.

When doing a file scan the AV product must scan each infectable file because it has no way of knowing which ones might be accessed, or which ones may have been infected since the last scan. Checking the dates of file creation and modification is useless as malware is fully capable of infecting a file while preserving the original date stamps.
Well along with my post LM I can see we are on the same page mate. I was just thinking this morning it is a bit like going into a library and picking up a red covers book called How to make cake, and you open it up to find it is full of nude pics. So you make a note of that and bypass it. Now you may move on and see another book coloured blue and it is How to make cake by the same author and open it up and it is full of nursery rhymes so you make a mental note and avoid thta book . My point is that you gradually build up a list of books that you want to avoid.

Now the books are outwardly ok but the malware the contents are the guts of it and offends you and you recognizing it (the book) the next time you see it (the heuristics), and your memory of that book is the definition base.
Now as you rightly point out new "books" are written everyday and until someone opens them it will never be known if they are bad or not if found bad then added to the database of malware. So it really does depend a lot on how good your heuristics are because it is just like having a look at every book that is titled How to cook cake and if it looks familiar then the system should then go though the book to see what is good or bad. Now again as you say some "books" can be very cleverly disguised and may slip through.
My concern at the moment is not so much that the threat is coming from software based malware more that it is now being discussed re malware being put into hardware devices such as BIOS chips RAM sticks etc etc by the doping processes that are used too manufacture of transistors for example :(
 

My Computer My Computer

At a glance

Desk1 7 Home Prem / Desk2 10 Pro / Main lap A...Desk1 i5 3750K / Laptop i7 GTX 860M / Desk2 i...Desk1 8GB (1866) / Desk2 16GB (1333) / Laptop...Desk 1& 2NVidia GTX 650 & Laptops on board Intel
Computer type
PC/Desktop
Computer Manufacturer/Model Number
Own build (new) Desk1 / Asus ROG Win 7 / Desk2 1st build
OS
Desk1 7 Home Prem / Desk2 10 Pro / Main lap Asus ROG 10 Pro 2 laptop Toshiba 7 Pro Asus P2520 7 & 10
CPU
Desk1 i5 3750K / Laptop i7 GTX 860M / Desk2 i5 2500
Motherboard
Desk1 Asus P877-V / Desk2 Gigabyte H67 UD3H / Laptop ?
Memory
Desk1 8GB (1866) / Desk2 16GB (1333) / Laptop 8Gb DDR3
Graphics Card(s)
Desk 1& 2NVidia GTX 650 & Laptops on board Intel
Sound Card
Desk 1 & 2 -XONAR DG Realtek High Def audio Laptop
Monitor(s) Displays
Desk 1 Benq HD 2450 / Desk2 Philips 24" / Laptop 17.5"
Screen Resolution
1920x1080 D1 & D2 & Laptop 1
Hard Drives
Desk1 Samsung 120GB 830 SSD
Asus ROG 256GB 850 Pro SSD
Desk2 Samsung 840 256 SSD
Toshiba 120GB EVO
PSU
Desk 1 Corsair HX 1050/ Laptop ? / Desk 2 Corsair HX 650
Case
Desk 1 Cooler HAF XM ? Toshiba laptop / Desk2 Coolermaster
Cooling
Fans on all Desk1 -2 Desk2 - all Coolermasters 5 Laptop ?
Keyboard
Desk 1 MS Sidewinder X6 Desk 2 MS Sidewinder X 4
Mouse
Desk 1&2 - Gigabyte MS 900 gamer - laptop - Logitec wireless
Internet Speed
ADSL2+
Other Info
One other Desktop (tester) and spare Toshba laptop both with SSD's
Running Kaspersky 2016 ISS on all machines config'd identically
Logitec audio stereo systems on each machine (x3)
Canon MG5250MFC
Router/modem TP-Link running WPA2SK
Back
Top