Bypass bitdefender, bypass the others?

Discussion in 'other anti-virus software' started by LunarWolf, Jun 15, 2014.

Thread Status:
Not open for further replies.
  1. LunarWolf

    LunarWolf Registered Member

    Joined:
    Jan 4, 2011
    Posts:
    203
    Location:
    Malaysia
    I have a question. Nowadays a lot of AVs use the Bitdefender engine. So if an attacker is able to bypass Bitdefender, they are able to bypass the others, right?

    So the only defense left for the other engines are their own heuristics, behaviour blocker, whitelisting, engine, etc., right?
     
  2. Ibrad

    Ibrad Registered Member

    Joined:
    Dec 8, 2009
    Posts:
    1,949
    When you say bypass, do you mean it as a missed detect or an exploit that targets the BD engine that allows malware to install?

    If a sample is missed by Bitdefender, it is all up to the other security engines in the product to keep the computer safe. So far I believe it's very rare for an AV product to use the Bitdefender engine and not add their own security touch. F-Secure adds their own detection engine and DeepGuard to look for malware; Lavasoft adds their own Anti-Malware Engine on top of BitDefender.

    If you were saying about an exploit, I am not 100% sure. If the exploit targeted the engine, it could very well be possible if the program licensing the BD engine used a file that contained the vulnerability, but it's been a while since an exploit targeted an AV program.
     
  3. LunarWolf

    LunarWolf Registered Member

    Joined:
    Jan 4, 2011
    Posts:
    203
    Location:
    Malaysia
    I meant if the malware authors create a specific malware to evade Bitdefender's detection (engines, technologies, those things).
    So if it can evade detection by BD, then will the BD engine used by other products fail in detecting it?
     
  4. FreddyFreeloader

    FreddyFreeloader Registered Member

    Joined:
    Jul 23, 2013
    Posts:
    527
    Location:
    Tejas
    Not sure, but on many malware websites, there are loads of malware for sale that advertise their ability to bypass certain AVs.
     
  5. Rohugh

    Rohugh Registered Member

    Joined:
    Apr 6, 2014
    Posts:
    56
    How long is it, though, before the AV companies deal with such malware? I am sure the AV companies read those websites as well, so they will be well aware of what to look for and, with regular and/or definition updates, block them before they have a chance to do harm.
     
  6. FreddyFreeloader

    FreddyFreeloader Registered Member

    Joined:
    Jul 23, 2013
    Posts:
    527
    Location:
    Tejas
    Malware writers are always ahead of the game, AVs play catch up.
     
  7. 1PW

    1PW Registered Member

    Joined:
    Apr 2, 2010
    Posts:
    700
    Location:
    North of the 38th parallel.
    Hello LunarWolf:

    Just because a particular on-access Anti-Virus and/or Anti-Malware engine's instantaneous signature database use fails detection, and malware is absorbed by a system, later database updates would likely detect the malware upon execution as long as it doesn't continually morph. The same should hold true for subsequent on-demand scans. Such could be the case with exploits, in the wild, of a truly new nature.

    Yet too, that same malware must also elude the behavioral detections brought about by ever improving heuristics in the better grades of A-V, A-E & A-M engines.

    HTH :)
     
    Last edited: Jun 18, 2014
  8. nsm0220

    nsm0220 Registered Member

    Joined:
    Aug 30, 2013
    Posts:
    138
    Location:
    USA
    They can claim it, but it's mostly hogwash except for the CryptoLocker malware family.
     
  9. guest

    guest Guest

    AVs which use BD's engine are usually hybrid AVs (using multiple engines) anyway.
     
  10. Inside Out

    Inside Out Registered Member

    Joined:
    Sep 17, 2013
    Posts:
    421
    Location:
    Pangea
    Most of them only use it because they're unwilling and/or unable to develop any effective technology themselves, ending up playing to malware writers' hands. You can count with one hand the vendors who actually know what they're doing as it is, and even fewer BD/Avira clones.
     
  11. trott3r

    trott3r Registered Member

    Joined:
    Jan 21, 2010
    Posts:
    829
    Location:
    UK
    It just goes to show that you cannot rely on virus definitions alone.
    There needs to be other security software to prevent infection or to limit their spread, like HIPS, limited rights, etc.
     
  12. guest

    guest Guest

    Indeed, but market share doesn't think so.
     
  13. trott3r

    trott3r Registered Member

    Joined:
    Jan 21, 2010
    Posts:
    829
    Location:
    UK
    Antivirus software based on definitions is easier for novices to understand.
    There are sadly more people who don't understand security than do.

    Hence the market panders to the largest collection of people and thus money.
     