What to detect and why

Discussion in 'other anti-virus software' started by ink, Apr 14, 2007.

Thread Status:
Not open for further replies.
  1. ink

    ink Registered Member

    Joined:
    May 20, 2006
    Posts:
    185
    I noticed that some antivirus products detect inf and corrupted files for some malware, for example the autorun.inf and corrupted files made by the W32.Almanahe.A virus. I think it is a good point; it can exactly restore your system to a clean state. Some vendors claim that inf and corrupted files can no longer execute, spread, or infect other files, so there is no need to pay attention to them. I don't think that is good protection.
     
  2. FRug

    FRug Registered Member

    Joined:
    Feb 7, 2006
    Posts:
    309
    The point is that corrupted files may not be detectable anymore since you can have a lot of different problems:

    1) The virus body is missing completely or partially
    2) The file headers have been destroyed with invalid values, broken imports etc.
    3) The virus was polymorphic/metamorphic and had a bug causing the virus code to be present but not representing valid code or simply doing the wrong things

    This may mean that both signature and algorithmic detection approaches that do trigger on the correctly infected file may not trigger on the file anymore.
    Looking for every possible way of corruption would in many cases require a very different detection routine in the case of poly viruses, which may mean a drastic slowdown in scanning speed depending on the virus and the way the file is corrupted. It's also likely for many viruses that the file is broken but no trace of the virus can be found in it.
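
An added illustration of points 1) and 2) in the post above (not part of the original thread, and not any vendor's detection routine): a structural check can flag an executable as damaged even when no virus signature matches it. The function names and the constructed sample image are assumptions made for this example.

```python
import struct

def pe_structural_problems(data: bytes) -> list[str]:
    """Return structural defects found in a PE image; an empty list means consistent headers."""
    if len(data) < 64 or data[:2] != b"MZ":
        return ["missing MZ header"]
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return ["e_lfanew does not point at a PE signature"]
    # COFF file header: Machine, NumberOfSections, ..., SizeOfOptionalHeader, Characteristics
    _, nsects, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    opt = e_lfanew + 24
    table = opt + opt_size
    if opt_size < 20 or table + 40 * nsects > len(data):
        return ["optional header or section table runs past end of file"]
    (entry,) = struct.unpack_from("<I", data, opt + 16)  # AddressOfEntryPoint
    problems, entry_ok = [], entry == 0  # an entry point of 0 is legal for some DLLs
    for i in range(nsects):
        name, vsize, vaddr, rsize, rptr = struct.unpack_from("<8sIIII", data, table + 40 * i)
        label = name.rstrip(b"\0").decode("latin-1") or f"#{i}"
        if rsize and rptr + rsize > len(data):
            problems.append(f"section {label}: raw data truncated")
        if vaddr <= entry < vaddr + max(vsize, rsize):
            entry_ok = True
    if not entry_ok:
        problems.append("entry point outside every section")
    return problems

def build_sample_pe(entry: int = 0x1000) -> bytes:
    """Constructed minimal PE image with one .text section (sample input, not a real binary)."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)            # e_lfanew = 64
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x102)
    opt = struct.pack("<HBBIIII", 0x10B, 0, 0, 0, 0, 0, entry).ljust(224, b"\0")
    sect = struct.pack("<8sIIII", b".text", 0x200, 0x1000, 0x200, 0x200).ljust(40, b"\0")
    headers = dos + b"PE\0\0" + coff + opt + sect
    return headers.ljust(0x200, b"\0") + b"\0" * 0x200           # 0x400 bytes in total

if __name__ == "__main__":
    intact = build_sample_pe()
    broken_header = bytearray(intact)
    broken_header[0x3C:0x40] = struct.pack("<I", 0xFFFFFFF0)     # header field with invalid value
    for label, blob in [("intact", intact), ("truncated body", intact[:0x300]),
                        ("invalid e_lfanew", bytes(broken_header)),
                        ("bad entry point", build_sample_pe(entry=0x9000))]:
        print(f"{label}: {pe_structural_problems(blob) or 'no structural problems'}")
```

A check like this only says that a file is structurally broken; it says nothing about which malware, if any, damaged it.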
     
  3. ink

    ink Registered Member

    Joined:
    May 20, 2006
    Posts:
    185
    I got that point and understood that there are difficulties.
    Maybe the only reliable protection is system restore software plus antivirus in case of infection, since there is the possibility of unrepairable destruction caused by an unknown virus.
     
  4. FRug

    FRug Registered Member

    Joined:
    Feb 7, 2006
    Posts:
    309
    That's why I tend to emphasize that virus repair is overrated. You'll never get all of your files repaired, and sorting out the trash/manually restoring destroyed files tends to be a lot more work than simply reinstalling the system or restoring it from an image.
     