The Hacker Diary

11 Jun 09

A False Sense Of Security: AntiVirus Part I

It's become apparent to me that many people have a false sense of security with antivirus. I've read LinkedIn questions asking "What is the best antivirus for my home computer?" and, even worse, suggestions from people touting AVG Free as an acceptable solution.

Today's post takes a look at antivirus.

"Are you really secure?" asks David Rook, who has a good write-up on the same topic. In his blog, Dave hex-edits an old trojan to bypass AV trivially. What's troubling is that known viruses can evade AV largely because of the "signature" detection design. Signature-based detection works on a superficial level: it takes a block of code from a known virus and compares it byte for byte against the file being scanned. If there is a match, a partial match, or similar, the program may be flagged as a virus.

We have seen from David Rook's post that many antiviruses were defeated by a simple byte change in a hex editor. In what other ways have antiviruses been beaten, and what does that mean for the consumer?
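To make the comparison described above concrete, here is a toy signature scanner written for this post (an added example; it is not code from the original post or from any antivirus product). The sample bytes, signature names and the hex syntax with `??` as a single-byte wildcard are all constructed for the illustration, not taken from real malware or a real signature database. It shows why an exact byte-string signature stops matching when a single operand byte differs, and why detection engineers write signatures with wildcards over the bytes that are expected to vary.

```python
"""Toy signature-based scanner (added example; all bytes and signatures are constructed)."""
import re
from dataclasses import dataclass

# Constructed stand-in for a block of code lifted from a "known sample".
# These are ordinary x86 instruction bytes, not real malware.
KNOWN_SAMPLE = bytes.fromhex(
    "5589e5"        # push ebp; mov ebp, esp   (function prologue)
    "8b4508"        # mov eax, [ebp+8]
    "b801000000"    # mov eax, 1               (immediate operand: likely to vary)
    "31c9"          # xor ecx, ecx
    "c9c3"          # leave; ret
)

# Exact signature: a contiguous 10-byte slice of the known sample.
EXACT_SIGNATURE = bytes.fromhex("8b4508b80100000031c9")

# Wildcard signature covering the same region; "??" matches any single byte.
# The displacement and the 4-byte immediate are wildcarded because they
# change between builds, while the opcodes that carry the behaviour are fixed.
WILDCARD_SIGNATURE = "8b45??b8????????31c9"

# Constructed variant: identical code except that one operand byte differs
# (mov eax, 1 became mov eax, 2). This models the kind of one-byte difference
# the post talks about without touching any real file.
VARIANT_SAMPLE = KNOWN_SAMPLE.replace(
    bytes.fromhex("b801000000"), bytes.fromhex("b802000000")
)


@dataclass(frozen=True)
class Signature:
    name: str
    pattern: re.Pattern  # compiled bytes regex


def wildcard_to_regex(sig_hex: str) -> re.Pattern:
    """Turn a hex signature with ?? wildcards into a bytes regex."""
    if len(sig_hex) % 2:
        raise ValueError("hex signature must have an even number of nibbles")
    parts = []
    for i in range(0, len(sig_hex), 2):
        tok = sig_hex[i:i + 2]
        # "." with DOTALL matches any byte value, including newline (0x0a).
        parts.append(b"." if tok == "??" else re.escape(bytes([int(tok, 16)])))
    return re.compile(b"".join(parts), re.DOTALL)


def signatures() -> list:
    """The two constructed signatures used in this illustration."""
    return [
        Signature("exact", re.compile(re.escape(EXACT_SIGNATURE), re.DOTALL)),
        Signature("wildcard", wildcard_to_regex(WILDCARD_SIGNATURE)),
    ]


def scan(data: bytes, sigs) -> list:
    """Return the names of every signature that matches somewhere in data."""
    return [s.name for s in sigs if s.pattern.search(data)]


if __name__ == "__main__":
    sigs = signatures()
    print("known sample  :", scan(KNOWN_SAMPLE, sigs))    # ['exact', 'wildcard']
    print("variant sample:", scan(VARIANT_SAMPLE, sigs))  # ['wildcard']
    print("benign data   :", scan(b"benign content", sigs))  # []
```

The exact signature fires on the original sample only; the wildcard signature fires on both, because the bytes that differ sit in a position the signature treats as variable. Real engines go further (emulation, heuristics, structural hashes), but the brittleness of a literal byte match is exactly what the hex-editor result in David Rook's post exposes.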

So, I took inventory of what tools would be necessary: a hex editor, a debugger (OllyDbg or WinDasm32), a packer or two (UPX) and Code Pervertor.

The surprising results will be included in Part II.

Tell me what you think.
