How do computer antiviruses know what a “virus” is?

From what I understand, AVs usually check a file’s hash in their database. This seems logical for viruses that spread from computer to computer, as multiple people having the same file would report the same effect.

But how about legitimate software used maliciously? Like a backup program that regularly uploads your file? Keyloggers? Or a virus that changes its own hash? Now that I think about it, I’ve written several codes that could’ve easily turned into a virus and weren’t detected.

Do AVs actually do a good job at keeping your computers safe or do they just stop the commonly found viruses?

3 Answers

Anonymous

There are two general ways of detecting a virus. The first is signature-based, which you hint at: check the hash against a database. This works well against known viruses, and it is why you need to keep updating the virus database.

The second is behavioral: is a program doing something it shouldn’t? This is much harder to do well: is the backup program uploading files it’s supposed to, or has it been hijacked? While difficult, we are starting to see more and more systems use this in addition to signature-based detection.

> Do AVs actually do a good job at keeping your computers safe

Yes, modern, up-to-date AV software is really good at what it does. It of course is never 100%.

It is always hard to protect against the unknown or user actions.
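The two approaches from the answer above, side by side, as an added example that is not part of the original answer or any real AV product: a SHA-256 signature lookup that misses a copy differing by one byte, and a small behavioral check that flags the backup-tool case from the question. All sample bytes, event lists, process names and the upload policy are constructed for illustration.

```python
import hashlib
import posixpath

# Constructed, harmless byte strings standing in for program files.
KNOWN_BAD = b"constructed sample: previously reported program"
VARIANT = KNOWN_BAD + b"\x00"  # same content, one extra byte
BACKUP_TOOL = b"constructed sample: legitimate backup tool"

# Signature database: digests of samples that were already reported.
SIGNATURE_DB = {hashlib.sha256(KNOWN_BAD).hexdigest()}

def signature_match(data: bytes) -> bool:
    """Signature detection: exact hash lookup against the database."""
    return hashlib.sha256(data).hexdigest() in SIGNATURE_DB

# Hypothetical policy: folders each known program is expected to upload from.
ALLOWED_UPLOAD_ROOTS = {"backup_tool": ("/home/user/Documents/",)}

def behavior_alerts(process: str, events: list) -> list:
    """Behavioral detection over (action, target) events for one process."""
    alerts = []
    roots = ALLOWED_UPLOAD_ROOTS.get(process, ())
    captured_keys = False
    for action, target in events:
        if action == "upload":
            path = posixpath.normpath(target)  # collapse ../ tricks
            if not path.startswith(roots):     # empty policy: always alert
                alerts.append(f"{process}: upload outside policy: {path}")
        elif action == "keyboard_capture":
            captured_keys = True
        elif action == "network_send" and captured_keys:
            alerts.append(f"{process}: network send after key capture: {target}")
    return alerts

# Constructed event traces.
NORMAL_RUN = [("upload", "/home/user/Documents/report.docx")]
HIJACKED_RUN = NORMAL_RUN + [("upload", "/home/user/Documents/../.ssh/id_rsa")]
KEY_CAPTURE_RUN = [("keyboard_capture", ""), ("network_send", "203.0.113.5:443")]

if __name__ == "__main__":
    for name, blob in [("known", KNOWN_BAD), ("variant", VARIANT), ("backup", BACKUP_TOOL)]:
        print(name, "signature hit:", signature_match(blob))
    for run in (NORMAL_RUN, HIJACKED_RUN):
        print(behavior_alerts("backup_tool", run))
    print(behavior_alerts("notes_app", KEY_CAPTURE_RUN))
```

The signature check says nothing about the backup tool either way, since its file is unchanged; only the behavioral check distinguishes the normal run from the hijacked one.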