Something in my mind about AVs/AMs

Discussion in 'other anti-virus software' started by Abdallah, Apr 28, 2015.

  1. Abdallah, Registered Member (Joined: Oct 28, 2013; Posts: 124; Location: N/A)

    First, I am using AVs/AMs; that's to be clear that I am not against using them.

    So, the point is, many AVs/AMs today include some kind of protection other than the traditional signature-based protection. That's nice, but... this is my own experience.

    Let's start with the last one, when I was helping someone close to me with some kind of university project, and one of its elements was to try to make a tool/technique to hack social media accounts. I was very nervous as I hadn't tried to do that before and I thought it would be very hard to do.

    But when I finished I realized that it was a very simple process. I used some "clean" and "innocent" tricks, I also used some kind of portable, widely used utilities, packed them with my package, let it all communicate in a way that even FWs will not detect (using the browser on user request!... without exploiting or injecting anything), and that's it!

    I managed to make (for demonstration) some kind of social account hacking tool in a way that even a top-scored AV and some other security tools (a FW, a keystroke encryption tool, a sandbox) did not detect or stop its functions.

    And in the past, I remember I made (for fun) a testing tool that managed to work and function in a very popular AV/AM lab, but they didn't detect it and said that it is not harmful or something like that!!

    I am not talking about hard tricks to fool and bypass AVs/AMs; I used very simple and straightforward techniques, and it worked!

    So, the thing I want to say here is: are AVs/AMs (and maybe others) focusing on hard/professional hacking tricks/techniques and leaving the simple/straightforward ways open and not secured?


    Abdullah
     
    Last edited: Apr 30, 2015