Questions tagged [antivirus]

Antivirus or anti-virus software is used to prevent, detect, and remove malware, including but not limited to computer viruses, computer worms, trojan horses, spyware and adware.

-- Excerpt from Wikipedia.

When to use this tag:

  • Questions about anti-virus software
  • When talking about virus detection algorithms
  • For online, offline, resident anti-virus questions.
725 questions
41
votes
4 answers

Are there any known cases of antivirus software intentionally sending false alarms?

First things first, I'm not asking this question because of any specific alarm on my PC that I suspect to be false. It's just that from the perspective of the software industry, it would make some sense to implement false alarms every now and then,…
MaxD
  • 503
  • 4
  • 9
9
votes
3 answers

What is the precise difference between a signature based vs behavior based antivirus?

I do not understand very well the difference between signature based vs behavior based antiviruses. Please clarify the distinction between the two.
Karan Bansal
  • 268
  • 1
  • 2
  • 8
6
votes
1 answer

Kaspersky Lab malware faking. How worried should I be?

Well most probably we will never know the truth, but anyway: Beginning more than a decade ago, one of the largest security companies in the world, Moscow-based Kaspersky Lab, tried to damage rivals in the marketplace by tricking their antivirus…
user69377
6
votes
4 answers

How bad is a source code leak for an antivirus?

I was reading that Symantec suffered a source code leak and I was wondering how bad this is for an anti-virus product. Do these products rely heavily upon "(in)Security Through Obscurity" or does it really matter? ClamAV is open source, does this…
rook
  • 47,238
  • 10
  • 96
  • 182
5
votes
5 answers

Could antivirus programs not just scan all files upon creation?

Could antivirus programs not just scan all files as they are created instead of using on-access scanning? Would this kind of approach not be much more secure?
Heisenberg
  • 83
  • 3
5
votes
1 answer

Modern version of EICAR test file?

Is there a modern version of the EICAR test file? Something like a 64 bit EXE? The old 16 bit COM file doesn't even run on modern systems. I usually use some benign file that is detected anyway, like netcat or VNC, but a standard one would be better…
David Balažic
  • 179
  • 1
  • 10
4
votes
2 answers

Does Antivirus upload malware samples from infected computers?

According to Kaspersky, its antivirus software "automatically uploaded [malware samples] to Kaspersky’s specialists for further analysis." Is this common practice for antivirus software? How do they make sure they're not uploading personal files…
ha_1694
  • 53
  • 2
3
votes
1 answer

Methodologies for test & benchmark of Antivirus Software

I want to evaluate a new antivirus product which obviously hasn't undergone the tests by known test labs. So I want to measure its performance in different aspects and come up with common comparisons and measurements that are available for popular…
Silverfox
  • 3,407
  • 2
  • 20
  • 40
3
votes
2 answers

When using a recovery disk, like AVGs boot-able CD, to scan for viruses, malware etc... what are the limitations?

What I like about the boot-able CD concept, is it can connect to the Internet and get updates, however I'm not clear how effective they are at really finding things that are heuristic? How do heuristic scans even work, if an executable isn't…
beauk
  • 197
  • 1
  • 3
  • 9
3
votes
1 answer

How exactly are new viruses discovered?

When Evil McJones develops Virus X and initiates its propagation, what events must transpire for AV companies (and AV testing/validation companies) to recognize Virus X? This answer to this question gives a brief list of high-level ways the virus…
svidgen
  • 723
  • 5
  • 14
3
votes
4 answers

Can I safely trust my Anti-virus protection?

Recently when I was trying to install a software which didn't happen to be from reputed sources, my anti-virus popped up a warning saying: XYZ-antivirus blocked you from visiting an infected webpage My question here- am I being too paranoid…
pnp
  • 1,808
  • 2
  • 26
  • 42
3
votes
0 answers

ClamAV Bytecode run timed out

I have the following output by ClamAV: Starting a daily scan of /root directory. Amount of data to be scanned is 205M. Starting a daily scan of /var/www directory. Amount of data to be scanned is 121G. LibClamAV Warning: [Bytecode JIT]: Bytecode run…
3
votes
1 answer

Is there any risk in adding exceptions in the antivirus software for paths that are only writable by Administrator?

Sometimes antivirus administrators don't want to add any exceptions for the antivirus software. My question is what is the risk of adding paths whose permissions are correctly configured to allow only read/write by administrators. In that case…
Eloy Roldán Paredes
  • 1,507
  • 13
  • 26
3
votes
0 answers

How do I update Windows Defender to use old definition files?

I'm attempting to replicate a customer's issue locally. One of the differences is our Windows Defender definition file versions. The current version seems to be 1.269.694.0, and I'm looking for something in the 1.269.4xx.0 range. It is easy to find…
Joel
  • 31
  • 2
3
votes
2 answers

QiHoo 360's antivirus false positive rate

My colleagues recently bought an antivirus, the QiHoo 360 antivirus, for the Chinese plant and implemented it on servers and laptops. The anti-virus showed some of the development files we've been deploying to the Chinese server, .bat and some…
Andy K
  • 411
  • 1
  • 3
  • 12