Endless Paradigm

Full Version: Test Your Anti
ESET got it as soon as I saved it.
Any *good* AV app shouldn't be relying on instances of certain strings to be present >_>
Is there any actual anti that does that?
ZiNgA BuRgA Wrote: Any *good* AV app shouldn't be relying on instances of certain strings to be present >_>

If they don't detect viruses based on their coding, how will they find them?
Am not sure.  But an ASCII printable string certainly should not be used to judge whether a virus is one or not.  At the very least, it should base judgements on binary strings.  I would say that hashing is perhaps more reliable.
Though I've never trusted AV anyway, since it's extremely easy to bypass.  With the above example, if that string really is what it looks for, simply changing it gets this "virus" past your AV.
ZiNgA BuRgA Wrote: Am not sure.  But an ASCII printable string certainly should not be used to judge whether a virus is one or not.  At the very least, it should base judgements on binary strings.  I would say that hashing is perhaps more reliable.
Though I've never trusted AV anyway, since it's extremely easy to bypass.  With the above example, if that string really is what it looks for, simply changing it gets this "virus" past your AV.

Yeah, I changed it and it was undetected. I changed "eicar" to frogg and it didn't pick it up.
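
An added example, not part of any post in this thread: the matching strategies the discussion touches on (printable substring, whole-file hash) plus a stricter prefix rule modelled on the EICAR test file's published definition, run over the test string and constructed variants. The function names and the sample variants are assumptions made for illustration.

```python
import hashlib

# The published 68-byte EICAR test string (harmless; not taken from this page).
EICAR = rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"

MARKER = b"EICAR-STANDARD-ANTIVIRUS-TEST-FILE"      # printable-substring signature
KNOWN_SHA256 = {hashlib.sha256(EICAR).hexdigest()}  # whole-file hash signature
ALLOWED_TAIL = b" \t\n\r\x1a"                       # whitespace permitted after the string

# Constructed samples.
RENAMED = EICAR.replace(b"EICAR", b"FROGG")   # the edit described in the thread
PADDED = EICAR + b"\r\n"                      # same file saved with a trailing newline
MENTION = b"Forum post quoting the marker " + MARKER  # benign text, marker only


def match_substring(data: bytes) -> bool:
    """Fires whenever the printable marker appears anywhere in the file."""
    return MARKER in data


def match_hash(data: bytes) -> bool:
    """Fires only on a byte-for-byte identical file."""
    return hashlib.sha256(data).hexdigest() in KNOWN_SHA256


def match_strict(data: bytes) -> bool:
    """Exact 68-byte prefix, whitespace-only tail, at most 128 bytes in total."""
    return (len(data) <= 128 and data.startswith(EICAR)
            and all(b in ALLOWED_TAIL for b in data[len(EICAR):]))


def scan(data: bytes) -> dict:
    """Run all three matchers and report which ones fire."""
    return {"substring": match_substring(data),
            "sha256": match_hash(data),
            "strict": match_strict(data)}


if __name__ == "__main__":
    samples = {"original": EICAR, "renamed": RENAMED,
               "padded": PADDED, "mention": MENTION}
    for name, data in samples.items():
        print(f"{name:9}", scan(data))
```

The hash rule misses the padded copy and the substring rule fires on benign text that merely quotes the marker, which is why neither is used alone as a detection signal.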