4 Detection Methods of Antivirus used Today. An Explanation?

Discussion in 'other anti-virus software' started by ultragunnerdcl, Nov 20, 2007.

Thread Status:
Not open for further replies.
  1. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    The thing is Avira's unpacking support is poor. I remember Stefan commenting once that Avira will not be considering adding unpacking support for AntiVir, opting instead to go for packer detection.

    Well, that's where my curiosity lies.

    Unless you add signatures for every repacked variant of the malware, I'm not seeing how you can accurately identify which variant of the malware it is (in fact, you won't even know if it's malware, all you can see is the packer), and how the cleaning process should be handled. Am I missing something?
     
  2. Stefan Kurtzhals

    Stefan Kurtzhals AV Expert

    Joined:
    Sep 30, 2003
    Posts:
    702
    Why, of course we have and add unpacking.

    And you can clean malware without knowing the exact variant, non-infectors. What's so special about that?
     
  3. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    Okay.

    Again, could you be more specific about that? It seems kind of pointless to just repeat the same statement over and over without any further elaboration, especially when I've voiced which parts about it that I don't understand.

    Or does your definition of "clean" involve just deleting the target file, end of story?
     
  4. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    8,251
    Location:
    The land of no identity :D
    Maybe an algorithm in which references to the filename are searched for in the essential reg keys and "bad" keys are deleted? :) o_O
     
  5. RejZoR

    RejZoR Lurker

    Joined:
    May 31, 2004
    Posts:
    6,426
    Packer detection is not all bad. Some packers were designed specifically for malware and shouldn't be used for anything else (Morphine for example), while detecting stuff based on UPX is kinda futile. And also, as Stefan said, you may detect the packer in the first line and balance it out by looking for other characteristics like file size and other suspicious factors, and when you do all the +/- the AV engine decides whether it's "worth" warning the user or not.
    Packer detection as some of you might know it from the past is long gone today...
     
  6. Ghostcloak

    Ghostcloak Registered Member

    Joined:
    Nov 27, 2007
    Posts:
    27
    Location:
    New York, USA
    I don't get it. What is packer detection by the way? How different is it from heuristics? o_O
     
  7. cupez80

    cupez80 Registered Member

    Joined:
    Jun 28, 2005
    Posts:
    617
    Location:
    Surabaya Indonesia
    Packer detection detects runtime packers on executable files, especially packers that are mostly used by malware creators.
     