Rising Sun Downloaders A heads up :Virus's

Graf Paper · 06-04-09, 09:18 PM

Anyone who has ever worked with Assembly programming will tell you that many anti-virus apps will have a nuclear meltdown over many common code subroutines.

Things like certain Registry edits, process hooking, DLL code injection, and heap insertions are all flagged by most anti-malware apps. The reason being that such legitimate functions are also used by malware. Unfortunately, this means you can't blindly trust any anti-malware app and have to be more tech-savvy to help weed out the mistakes.

False-positives have always been the Achilles' heel of anti-malware programs, especially when you have them set to use "Heuristic" scans for virus-like activity. That will increase false-positives by as much as 500%. Malware is hardly ever caught by using heuristic scans, so switching it off won't reduce your security level that much and save you some "Chicken Little" moments over many false-positives.

The method of using "signatures", code snippets as an identifying fingerprint, used to be very reliable but malware coders have gotten very resourceful in exploiting common kernel functions while anti-malware programmers have gotten lazy or too cautious by blanketing entire classes of legit kernel-level functions when creating these signatures. As a result, even signature-based scans will return a false-positive 2-3% of the time, on average.

You have to separate all the hype and business gimmicks from the facts and realize that no security app is bullet-proof or idiot-proof.

Anti-virus software has gotten so "dumbed-down" and intrusive that using it is almost as bad as the viruses they're meant to stop. All anti-virus software will slow down your system and reduce available resources. It's a trade-off for the protection you feel you need. Some are worse than others, where system performance is concerned. A few can also cause conflicts with software or games while a couple of well-known names can even break Windows.

I miss the days when shutting down your anti-virus software meant it really was shut down and not just hiding the GUI while it still has three or more processes running in the background. I also miss having the freedom to only enable the features you wanted instead of having no choice at all over some features.

As the saying goes, "Caveat Emptor", and it has never been more true than it is where computers and software are concerned.

06-04-09, 09:18 PM	#39
Graf Paper Ace of the Deep Join Date: Jan 2008 Location: Pacific Northwest United States Posts: 1,146 Downloads: 41 Uploads: 2	Anyone who has ever worked with Assembly programming will tell you that many anti-virus apps will have a nuclear meltdown over many common code subroutines. Things like certain Registry edits, process hooking, DLL code injection, and heap insertions are all flagged by most anti-malware apps. The reason being that such legitimate functions are also used by malware. Unfortunately, this means you can't blindly trust any anti-malware app and have to be more tech-savvy to help weed out the mistakes. False-positives have always been the Achilles' heel of anti-malware programs, especially when you have them set to use "Heuristic" scans for virus-like activity. That will increase false-positives by as much as 500%. Malware is hardly ever caught by using heuristic scans, so switching it off won't reduce your security level that much and save you some "Chicken Little" moments over many false-positives. The method of using "signatures", code snippets as an identifying fingerprint, used to be very reliable but malware coders have gotten very resourceful in exploiting common kernel functions while anti-malware programmers have gotten lazy or too cautious by blanketing entire classes of legit kernel-level functions when creating these signatures. As a result, even signature-based scans will return a false-positive 2-3% of the time, on average. You have to separate all the hype and business gimmicks from the facts and realize that no security app is bullet-proof or idiot-proof. Anti-virus software has gotten so "dumbed-down" and intrusive that using it is almost as bad as the viruses they're meant to stop. All anti-virus software will slow down your system and reduce available resources. It's a trade-off for the protection you feel you need. Some are worse than others, where system performance is concerned. A few can also cause conflicts with software or games while a couple of well-known names can even break Windows. I miss the days when shutting down your anti-virus software meant it really was shut down and not just hiding the GUI while it still has three or more processes running in the background. I also miss having the freedom to only enable the features you wanted instead of having no choice at all over some features. As the saying goes, "Caveat Emptor", and it has never been more true than it is where computers and software are concerned. __________________ Still sailing the high seas, hunting convoys with those who join me.