Changing the system date kills KAV dead

Yeah at that moment it was like being back at school again at lunchtime and your lunchbox turns up missing.

I can imagine though all those unfortunate peeps over the years and especially on 98/Me who had their program collections completely wiped away in an instant of time from some destroyer virus like that. I was luckier in that i kept those samples on that old lappy.

 

(more, please) In fact I had probably similar expression on a similiar occasion a few years ago on a Win98 system. I believe most people here on Wilders have a horror tale or two to tell.

 

It's KAV's HIPS. Sure it needs urgent improvement, because it's prevention rate tested so far was only 99 %/100 %, when the best antivirus competitors are already too close with about 53 % detection by their heuristics. You can get the test results from here behind the "Comparatives" selection line.

Best regards,
Firefighter!

 

Wow. That's impressive. I just hope it performs as well when it's rendered inactive by a system date change.

 

Just out of curiousity, who here has had a virus in recent times that has affected the system date?

 

I willing to bet that nobody here has had it happen, and it may not be so easy to achieve as is being suggested. If KAV could be knocked out that easily I'm pretty sure something would be done to remedy the situation.

As for those Reg keys, I only mentioned them 'cos another poster talked of Reg protection, I think it would only be a partial solution at best to add them because it would depend how the attack was implemented. One of the Keys for example determines the server from which you get synchronization of your clock (by default it should be time.windows.com), so if it was changed to a hostile site I'm guessing that it might be possible to set the clock back that way, but I don't know how practical that would be.

 

If you set the clock back that way and render KAV's defenses off as suggested by solcroft that could be very practical indeed.

 

Damn,even I can read the time and date on a computer,lol.

 

Well, directy attacking KAV6 would trigger PDM and Self-Defense, but tricking system date this way is an indirec attack and as such it would go undetected...

 

Hello RejZoR:

Yes. By KAV's engines. But this thread seems to have point as a good advice on using a decent third party behaviour blocker with KAV in the end.

 

IMO there is no need for a third party behavior blocker, KAV/KIS has already the best designed one (IMO) and is not at is full potential atm according to KAV devs.

 

OK, possibly my bad. As I stated in my post #25, I don't have much interest in KAV/KIS and I can't confirm that, so I respect YO.

Cheers