Wednesday, 8 November 2017

Why antivirus is not your friend

The title is a little provocative I admit, but the antivirus can actually have negative sides .
Let's start with the benefits of antivirus:
The antivirus starts when you start your computer, it starts before other programs with "Filter Driver" to choose the boot order. For example, it allows you to start the keyboard and mouse processes before others.
It protects your PC immediately and until you turn it off.

How does it protect your PC?

Antivirus can scan files on your computer when they are created, renamed, executed, or when you want to run a global scan. It creates and compares a unique signature to each file with a database containing the signatures of the infected files. You understand, if he finds that a signature is in the database, it launches the alert.
From there, we know that the files do not escape the antivirus and it remains only to hope that the latter contains a maximum of signatures in its database.
You can also scan a file directly with several antiviruses on VirusTotal .
Antiviruses also use other methods such as heuristic detections.
This is to determine suspicious behavior if you do not have a corresponding signature in the database. Thus, if the program tries to delete files from the system or replicate 100 times, it is considered suspicious and the antivirus launches the alert.
I quickly pass the other benefits of antivirus such as integrated firewall, real-time web scans, secure runtime environments etc ... In short, you are clearly protected with an antivirus and an up-to-date firewall. It is therefore absolutely necessary to install one. It's like going out in the snow at -15 ° C all naked, so do not worry about getting sick afterwards. Antivirus plays the role of the mantle and drugs of last resort.

Why do not they protect you 100%?

Know that it is possible to make a program undetectable when it was .
From that moment on, the whole part on the scans collapses. It is indeed possible to modify part of the source or binary code of a program to change its signature without changing its behavior . There are even programs called Crypters to make this code change automatically to make it undetectable.


The heuristic detection part also has limits because it is possible to pass a malicious program for a legitimate program by renaming it, by changing the icon (by copying an icon of an existing program) etc ... Moreover the opposite direction can occur a legitimate program may be detected as suspicious for carrying out a particular action. It is therefore in the interest of the antivirus publisher to properly regulate this type of detection. Anyway it is easy to get a suspicious program for a completely legitimate program. The heuristic part also collapses.

Conclusion

We have seen that antivirus is essential because it will stop the traditional threats that constantly weigh on users. That said, do not give blind trust to your antivirus because someone who specifically targets you to skip the cracks of your antivirus even if you naively believe to be protected.
This is why antivirus is not your friend, at least not really because they should not make you relax your attention. Never.

1 comment:

  1. Are you interested in the service of a hacker to get into a phone, facebook account, snapchat, Instagram, yahoo, Whatsapp, get verified on any social network account, increase your followers by any amount, bank wire and bank transfer. Contact him on= hackintechnology@gmail.com +12132951376(WHATSAPP)

    ReplyDelete