topbanner_forum
  *

avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • Thursday March 28, 2024, 6:26 am
  • Proudly celebrating 15+ years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

Author Topic: Antivirus bypassed with 10 lines of code  (Read 3407 times)

wraith808

  • Supporting Member
  • Joined in 2006
  • **
  • default avatar
  • Posts: 11,186
    • View Profile
    • Donate to Member
Antivirus bypassed with 10 lines of code
« on: March 24, 2016, 12:53 PM »
Bypassing Antivirus With Ten Lines of Code or (Yet Again) Why Antivirus is Largely Useless

I don't know enough in this particular field to say whether this is bogus or not.  Anyone with more knowledge want to comment?

MilesAhead

  • Supporting Member
  • Joined in 2009
  • **
  • Posts: 7,736
    • View Profile
    • Donate to Member
Re: Antivirus bypassed with 10 lines of code
« Reply #1 on: March 24, 2016, 03:52 PM »
I am not versed in the field.  But what the article seems to say is that signature AV detectors are able to be bypassed by storing the malware in the exe image in a form that does not match the signature.  So if something simple like XORing each byte with the character 'x' to encrypt it, fools the AV then other stuff like compression with a password should too I would think.

He does note that heuristic detection is another matter.  Meaning watching the code execute and getting suspicious if it does stuff like rewrite the registry in ram or whatever.

All this stuff getting us away from doing things in a straight ahead manner is getting depressing.  I am convinced that all the stupid password requirements(for online accounts as example) are designed to get users to lock themselves out of their own accounts.  I mean if online banking is being penetrated by dictionary attacks it means they have no security and are letting bots attempt hundreds of logons per second.  At least to my way of thinking.

It seems to me like security for the sake of selling more security.  In the end your identity is still stolen if someone has your SSN and all the rest is crap.  They should just pass a law that malware vendors put a comment in the header "THIS IS MALWARE" so we don't have to keep updating databases every day.  :)


Tuxman

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 2,466
    • View Profile
    • Donate to Member
Re: Antivirus bypassed with 10 lines of code
« Reply #2 on: March 24, 2016, 03:55 PM »
I wonder how many news articles which "surprisingly" find out that anti-virus software does not work are required until people finally stop financially supporting the scareware developers.

MilesAhead

  • Supporting Member
  • Joined in 2009
  • **
  • Posts: 7,736
    • View Profile
    • Donate to Member
Re: Antivirus bypassed with 10 lines of code
« Reply #3 on: March 29, 2016, 03:57 PM »
I wonder how many news articles which "surprisingly" find out that anti-virus software does not work are required until people finally stop financially supporting the scareware developers.

This result helps make the point.  I use Nir Sofer's utilities all the time.  Just for grins I VirusTotaled the latest NirLauncher.  The results would scare the hell out of anyone who didn't know better:

https://www.virustot...analysis/1459267468/