From what I understand, AVs usually check a file’s hash in their database. This seems logical for viruses that spread from computer to computer, as multiple people having the same file would report the same effect.
But how about legitimate software used maliciously? Like a backup program that regularly uploads your file? Keyloggers? Or a virus that changes its own hash? Now that I think about it, I’ve written several pieces of code that could’ve easily turned into a virus and weren’t detected.
Do AVs actually do a good job at keeping your computers safe or do they just stop the commonly found viruses?