Antivirus bypassed with 10 lines of code

wraith808:
Bypassing Antivirus With Ten Lines of Code or (Yet Again) Why Antivirus is Largely Useless

I don't know enough in this particular field to say whether this is bogus or not.  Anyone with more knowledge want to comment?

MilesAhead:
I am not versed in the field.  But what the article seems to say is that signature AV detectors are able to be bypassed by storing the malware in the exe image in a form that does not match the signature.  So if something simple, like XORing each byte with the character 'x' to encrypt it, fools the AV, then other stuff like compression with a password should too, I would think.

He does note that heuristic detection is another matter.  Meaning watching the code execute and getting suspicious if it does stuff like rewrite the registry in RAM or whatever.

All this stuff getting us away from doing things in a straight ahead manner is getting depressing.  I am convinced that all the stupid password requirements (for online accounts as example) are designed to get users to lock themselves out of their own accounts.  I mean if online banking is being penetrated by dictionary attacks it means they have no security and are letting bots attempt hundreds of logons per second.  At least to my way of thinking.

It seems to me like security for the sake of selling more security.  In the end your identity is still stolen if someone has your SSN and all the rest is crap.  They should just pass a law that malware vendors put a comment in the header "THIS IS MALWARE" so we don't have to keep updating databases every day.  :)
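
Added example, not part of the thread or the linked article: a defender-side sketch of the point discussed above, showing a plain byte-signature match missing content XORed with 'x' and a scan that tries every single-byte key finding it. The signature, file contents and function names are constructed for illustration and do not come from any real AV product.

```python
# Constructed, harmless marker standing in for a byte signature (assumption).
SIGNATURE = b"CONSTRUCTED-TEST-SIGNATURE"


def xor_bytes(data: bytes, key: int) -> bytes:
    """XOR every byte of data with a single-byte key."""
    return bytes(b ^ key for b in data)


def naive_scan(blob: bytes, signature: bytes = SIGNATURE) -> bool:
    """Plain signature matching: look for the exact bytes only."""
    return signature in blob


def xor_aware_scan(blob: bytes, signature: bytes = SIGNATURE):
    """Return (key, offset) for every single-byte XOR key under which
    the signature appears in blob. Key 0 means it is present unencoded.
    Encoding the short signature 256 times is cheaper than decoding
    the whole file 256 times."""
    hits = []
    for key in range(256):
        encoded = xor_bytes(signature, key)
        offset = blob.find(encoded)
        while offset != -1:
            hits.append((key, offset))
            offset = blob.find(encoded, offset + 1)
    return hits


# Constructed sample files: an 18-byte header, the marker, a short trailer.
HEADER = b"MZ" + b"\x00" * 16
TRAILER = b"\x90" * 8
PLAIN_FILE = HEADER + SIGNATURE + TRAILER
ENCODED_FILE = HEADER + xor_bytes(SIGNATURE, ord("x")) + TRAILER

if __name__ == "__main__":
    for name, blob in (("plain", PLAIN_FILE), ("xor-'x'", ENCODED_FILE)):
        print(name, "naive:", naive_scan(blob), "xor-aware:", xor_aware_scan(blob))
```

This covers single-byte XOR only; the password-protected compression mentioned in the post would need a different approach, such as the behavioural (heuristic) detection the post refers to.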

Tuxman:
I wonder how many news articles which "surprisingly" find out that anti-virus software does not work are required until people finally stop financially supporting the scareware developers.

MilesAhead:
--- Quote from: Tuxman (March 24, 2016, 03:55 PM) ---
I wonder how many news articles which "surprisingly" find out that anti-virus software does not work are required until people finally stop financially supporting the scareware developers.
--- End quote ---

This result helps make the point.  I use Nir Sofer's utilities all the time.  Just for grins I VirusTotaled the latest NirLauncher.  The results would scare the hell out of anyone who didn't know better:

https://www.virustotal.com/en/file/88bdeb8e99376751e689d1ce1ae8b092d0dad924ceca8512755f38b040369de4/analysis/1459267468/
