Project Alpha
The home of Project Equinox

So you think your anti-virus works for you?!

[Edit]

Posts in This forum
Oliver said on 13:55:32 30-Jan-2015

Here's something rather interesting to consider:

When you go out and buy a new computer, you want to do all you can to protect it. Is that not true? So, you buy a case, maybe a warrenty of some kind and then purchase your favourite anti-virus software, little realising that you could be doing more damage than you think?

What's that you say? "More damage? Wait what?"?

Well, sad to say it seems to be true. Gone are the days that see your anti-virus software get rid of viruses like they should. Some are more complex than this, they monitor the running processes on your system for spurious activity, further clogging up your processing power and memory. Some even check the links that are opening on your software - cute yes, but untimately futile I'm afraid.

But the one thing that bugs me, particularly today as I had to deal with such a thing and was annoyingly oblivious to it until I did a search, is "quarentine". When your system either sees a file that is a viral infection and it either can't disinfect it, or it's too damn lazy to do anything about it, it slaps it into a new directory it generated, possibly for deletion or for later analysis by Norton, McAfee, Kaspersky, Panda, AVG ... whoever!

Ok so this is fine for a keylogger or a file that puts itself in an executable file in some obscure directory that the user will never find but a merciless trawl of a scraping engine will inevitably unearth, read and say "This doesn't need disinfecting", or "I can't disinfect"... "I'll move it to a safe place!"

That works right? If you can't find the file, you can run it ... right? Well, this is true ... but viruses aren't really obliging in what files they hit, attack or damage. So taking out your keylogging file is dandy, but when it takes down, say notepad.exe and it quarentines the file, you could get a little miffed.

Not as miffed I might add as if your explorer.exe gets quarentined! You know? Bye-bye start menu, bye-bye desktop. What's the shortcut to bring up the task manager again? (Make sure and know this one off the top of your head before untoward things happen)

Oh but wait it gets better. Remember I said viruses really don't care what files they hit? Well? The registry has to be stored somewhere right? Whoops! Bye-bye licences to quite a number of applications, how certain extensions are handled, some operating system-critical things we don't even think about on a daily basis...

You think I'm finished? Try it getting viruses found in your system32 directory. Yeah we'll take those DLLs off your hand for interrogation. In the meantime, services such as Control Panel applets, audio management, ActiveX, and Heaven forbid the Windows Management Instrumentation core, which seems to run ... everything these days!

Try taking down NTLDR then. Bye-bye Windows Bootstrap means bye-bye operating system.

Don't just think that because I merely mention Windows in these examples, that UNIX and other kernels, including mobiles (which I can assure you are even worse with their BBLs - I may talk about those later) are exempt. Any operating system that allows you to move key system files around at will are at risk ... especially if they're not symbolically linked, or references aren't updated.

Just ... be careful when an anti-virus software mentions quarentine. This isn't me saying switch it off! This is me saying 'Tell it where your operating system is! Tell it not to quarentine files that if it moves could cause more damage than the virus, 'cause that's probably what it wants in the first place!'

About

Information will appear here

Philosophy

Information will appear here

Contact

+44 (0) 7535 692215
Project Alpha The home of Project Equinox