Threaded Mode | Linear Mode

diego · 22/12/2009 08:29 PM

ESET got it as soon as I saved it.

ZiNgA BuRgA · 22/12/2009 08:31 PM

Any *good* AV app shouldn't be relying on instances of certain strings to be present >_>

Joom · 28/12/2009 12:40 AM

Is there any actual anti that does that?

Starfox444 · 28/12/2009 08:43 AM

ZiNgA BuRgA Wrote:Any *good* AV app shouldn't be relying on instances of certain strings to be present >_>

If they don't detect viruses based on their coding, how will they find them?

ZiNgA BuRgA · 28/12/2009 11:42 PM

Am not sure. But an ASCII printable string certainly should not be used to judge whether a virus is one or not. At the very least, it should base judgements on binary strings. I would say that hashing is perhaps more reliable.
Though I've never trusted AV anyway, since it's extremely easy to bypass. With the above example, if that string really is what it looks for, simply changing it gets this "virus" past your AV.

defdock · 28/12/2009 11:49 PM

ZiNgA BuRgA Wrote:Am not sure. But an ASCII printable string certainly should not be used to judge whether a virus is one or not. At the very least, it should base judgements on binary strings. I would say that hashing is perhaps more reliable.
Though I've never trusted AV anyway, since it's extremely easy to bypass. With the above example, if that string really is what it looks for, simply changing it gets this "virus" past your AV.

yeah i changed it and it was undetected. i changed "eicar" to frogg and it didnt pic it up.

Threaded Mode \| Linear Mode Test Your Anti
Author	Message