No more safety without AntiVir!! Is it the only one?

Discussion in 'other anti-malware software' started by Metting, Nov 19, 2006.

Thread Status:
Not open for further replies.
  1. Metting

    Metting Registered Member

    Joined:
    Aug 3, 2006
    Posts:
    100
    Yes, you are right, and I agree with that, but the problem with Themida is that it is a commercial packer and very easy to use, so any bad kid can use it to make hundreds of undetectable malware samples from even commercial key loggers and remote admin progs.

    Other tools are not for anyone. Also, you need to use at least two or more packers to make hard-to-detect malware; even in this case you have to test your new malware with each scanner to be sure it is undetectable, and the result may force you to change the way, the type, and the number of packers you used ..... then try again ... etc. I.e. it is a very difficult method, while on the other hand you have to use only Themida with a few mouse clicks to create malware undetectable by the majority of scanners.
     
  2. Metting

    Metting Registered Member

    Joined:
    Aug 3, 2006
    Posts:
    100
    good for you, but hurry up


    I don't work for unknowns; if you give a name I may rethink :isay:
     
  3. Metting

    Metting Registered Member

    Joined:
    Aug 3, 2006
    Posts:
    100
    I think not until the next version if they worked hard.
     
  4. Metting

    Metting Registered Member

    Joined:
    Aug 3, 2006
    Posts:
    100
    Themida simply protects the area in memory in which the malware or any other Themida-encrypted file works, so it is impossible for any program to read this memory area unless the program has a special way to pass through this protection, and this penetration of Themida's protection is what AntiVir handled with success.

    For example : NOD32 and KAV accept Themida encrypted Biforse trojan running in the memory very happily.
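    Whatever the scanner can or cannot read once the protected process is running, the file on disk still shows the usual signs of a packed or encrypted executable, and that is what heuristic scanners key on rather than signatures. The script below is an added example, not code from this thread or from any of the products named in it: it parses the PE section table and flags sections whose raw bytes have near-maximal Shannon entropy (encrypted payload) or that occupy no space on disk but a large region in memory (reserved for runtime unpacking). The entropy threshold, the section names and the minimal sample PE it builds are all constructed for the example.

```python
"""Static heuristic for packed/encrypted PE sections (added example).

Reads the PE section table and flags sections whose raw bytes have
near-maximal Shannon entropy (typical of packed/encrypted payloads) or
whose on-disk size is zero while their in-memory size is large (space
reserved for an unpacking stub to write into). The threshold and the
sample PE below are constructed for this example, not taken from any product.
"""
import hashlib
import math
import struct
from collections import Counter
from typing import List, NamedTuple

ENTROPY_THRESHOLD = 7.0            # assumption: bits/byte above which a section is called "packed"
SECTION_HEADER = "<8sIIIIIIHHI"    # IMAGE_SECTION_HEADER layout, 40 bytes


class Section(NamedTuple):
    name: str
    virtual_size: int
    raw_size: int
    entropy: float
    flags: List[str]


def shannon_entropy(buf: bytes) -> float:
    """Bits per byte: 0.0 for empty data, 8.0 for perfectly uniform byte values."""
    if not buf:
        return 0.0
    n = len(buf)
    return -sum((c / n) * math.log2(c / n) for c in Counter(buf).values())


def analyse_sections(data: bytes) -> List[Section]:
    """Walk the section table of a PE image held in memory and score each section."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    (num_sections,) = struct.unpack_from("<H", data, e_lfanew + 6)
    (opt_header_size,) = struct.unpack_from("<H", data, e_lfanew + 20)
    table = e_lfanew + 24 + opt_header_size   # section table follows the optional header
    result = []
    for i in range(num_sections):
        fields = struct.unpack_from(SECTION_HEADER, data, table + 40 * i)
        name = fields[0].rstrip(b"\0").decode("ascii", "replace")
        virtual_size, raw_size, raw_ptr = fields[1], fields[3], fields[4]
        entropy = shannon_entropy(data[raw_ptr:raw_ptr + raw_size])
        flags = []
        if entropy > ENTROPY_THRESHOLD:
            flags.append("high-entropy")
        if raw_size == 0 and virtual_size > 0:
            flags.append("zero-on-disk")
        result.append(Section(name, virtual_size, raw_size, entropy, flags))
    return result


def looks_packed(data: bytes) -> bool:
    """True if any section trips one of the two heuristics."""
    return any(s.flags for s in analyse_sections(data))


def _pseudo_random(n: int, seed: bytes = b"constructed") -> bytes:
    """Deterministic high-entropy filler (SHA-256 chain) standing in for ciphertext."""
    out, block = bytearray(), seed
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out += block
    return bytes(out[:n])


def build_sample_pe() -> bytes:
    """Construct a minimal PE-shaped file (no optional header) with three sections."""
    def sec(name, vsize, vaddr, rsize, rptr):
        return struct.pack(SECTION_HEADER, name, vsize, vaddr, rsize, rptr, 0, 0, 0, 0, 0x60000020)

    headers_end = 0x40 + 4 + 20 + 3 * 40       # DOS header + "PE\0\0" + COFF header + 3 section headers
    text = b"A" * 128 + b"\0" * 128             # plain code-like data, entropy exactly 1.0
    packed = _pseudo_random(4096)               # stands in for an encrypted payload
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", 0x40)      # e_lfanew -> 0x40
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 3, 0, 0, 0, 0, 0x102)
    table = (sec(b".text", len(text), 0x1000, len(text), headers_end)
             + sec(b".packed", len(packed), 0x2000, len(packed), headers_end + len(text))
             + sec(b".unpack", 0x10000, 0x4000, 0, 0))   # empty on disk, large in memory
    return dos + coff + table + text + packed


if __name__ == "__main__":
    for s in analyse_sections(build_sample_pe()):
        print(f"{s.name:8} raw={s.raw_size:6} virt={s.virtual_size:6} "
              f"entropy={s.entropy:.2f} {' '.join(s.flags)}")
```

    Run it on a real file by passing `open(path, "rb").read()` to `analyse_sections`. Legitimate installers and compressed resources also score high on entropy, so this is a triage signal to combine with behavioural monitoring (the HIPS and sandbox approaches discussed further down the thread), not a verdict on its own.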
     
  5. herbalist

    herbalist Guest

    Quite true. Between new methods of packing/encrypting (or unorthodox uses of older methods), keeping up is almost an exercise in futility. I gave up on signature-based detections. Too many ways to avoid detection, with new ones coming out, such as Themida. Now that there's one such packer/encrypter, there'll soon be more of them, and even more for the AVs to deal with.

    dah145
    I wasn't trying to make something that was undetectable. That was just a quick run with an existing malware. Yes, there's a good chance that an AV would detect it when launched, assuming its first task isn't killing the AV. My point was a much simpler one. That was just to show how easy it is to get malware onto a system undetected. That's half the battle, leaving one chance for the AV to catch it, during its launch. None of the AVs catch everything when it isn't encrypted. Encryption just makes the odds worse.
    Rick
     
  6. the Tester

    the Tester Registered Member

    Joined:
    Jul 28, 2002
    Posts:
    2,854
    Location:
    The Gateway to the Blue Hills,WI.
    Metting,
    Thanks for answering my question.
     
  7. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    Yes, this is disturbing. The only thing you can hope is that a HIPS might be able to save your ass, but of course a HIPS relies on user input, so you need to know a bit about what's normal behaviour and what's not. Sandboxing would be another solution, but often some apps won't run if sandboxed. But signature-based solutions are just not good enough nowadays, that's a fact. :rolleyes:
     
  8. cash4questions

    cash4questions Registered Member

    Joined:
    Jun 16, 2006
    Posts:
    3
    I'm concerned about this from another angle.

    I legitimately protect my software with Themida. If AV products work out how to bypass Themida encryption to check for viruses, then the protection for my software is also breached. My code is then wide open to piracy.
     