
Question

Posted

Do AV companies check each definition update against windows?

Every now and then an antivirus company releases a definition update which brings Windows to its knees. (Example: when Webroot recently released an update which locked people out of their Windows 8 machines.) The AV accidentally flags a crucial system file as malicious and deletes it. How does this happen? I realize there are 100,000


33 answers to this question


Posted

[quote name='HawkMan' timestamp='1356557340' post='595416728']
oh, so they should just not bother then :facepalm:

seriously, that's your argument ?

and use a quality AV, which pretty much excludes all the free ones and you're pretty damn close to 100%, even on zero day viruses if you keep the heuristics on and at a decent setting
[/quote]

No, my point was that you are saying they cannot skip Windows files because they cannot guarantee 100% that they are clean, yet they are signed by Microsoft. They cannot guarantee Microsoft files are clean, but they cannot guarantee your computer is 100% clean either (close to 100% is still not 100%, so there is no sticker on the box that says "we guarantee your computer is 100% clean at all times").

Not once did I say they should just not try. These are Microsoft signed files we are talking about. You said they cannot guarantee they are 100% clean, but no AV has 100% detection rate anyway. I did not say they should just give up and go home.


Posted

[quote name='Astra.Xtreme' timestamp='1356557559' post='595416738']
Again, you're missing the context here. We are talking about files signed by [b]Microsoft[/b]. Unless there is a disgruntled employee writing Windows, there is a 0% chance a stock Microsoft signed file will be infected with something. I see no reason why Microsoft couldn't be trusted for publishing clean files in their OS. There's no logic in believing this would be a security risk. Scanning these files only adds unnecessary reliability risks.
[/quote]

I think you're missing the point.

It doesn't matter WHO signed the files. The very purpose of a security company is to NOT trust anyone else's security.

Also, there's only a risk if you use a company with bad QA, generally all the free ones and the crappier paid ones. Despite its previous bad rep, Norton is actually a very good AV today, with high performance and next to no system impact; they actually make sure these things don't happen, and they're one of the best on zero day threats and web threats that other AVs won't touch because they're not considered "viruses".

So pick one of the better security suites that cover a little more than just AV and have a good rep, and this isn't a problem; stay with the free ones, and expect to have your system files broken at some point.

Posted

[quote name='HawkMan' timestamp='1356561077' post='595416834']
I think you're missing the point.

It doesn't matter WHO signed the files. The very purpose of a security company is to NOT trust anyone else's security.
[/quote]

Actually it does matter because in this context, Microsoft is signing the files... You know, the one who creates the actual OS itself...
Never in the history of Windows has there been a built-in virus created by Microsoft themselves. And I'm sure there never will be.
Even if a core .dll (or such) was infected, the only option would be to delete it which would crash the system anyway. What good does that do for anybody? I'll say it again, there's no reason to scan something that will never be broken as long as checksums line up. All the trust you need is in the checksum. Nothing magical about it.
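The "all the trust you need is in the checksum" argument, written out as code. This is an added example, not code posted by anyone in this thread: the file contents, paths, the known-good catalog and the deliberately over-broad detection rule are all constructed so it runs offline. It shows the check a cautious scanner can make before taking a destructive action: a flagged file that is identical to its catalogued known-good copy is left alone, a catalogued file whose hash no longer matches is reported for restoration rather than silently deleted, and only uncatalogued flagged files go to quarantine.

```python
import hashlib

# Constructed sample "files" (path -> bytes). These are stand-ins, not real Windows binaries.
SAMPLE_FILES = {
    r"C:\Windows\System32\example_core.dll": b"MZ constructed clean system library bytes",
    r"C:\Users\bob\Downloads\dropper.exe": b"MZ constructed suspicious downloaded bytes",
}


def sha256_hex(data: bytes) -> str:
    """Hex SHA-256 of a file's contents; the 'checksum' the thread talks about."""
    return hashlib.sha256(data).hexdigest()


# Known-good catalog, the way a vendor or OS manifest would ship it: path -> expected digest.
# Built here from the clean sample so the example is self-contained (an assumption, not a real manifest).
KNOWN_GOOD = {
    r"C:\Windows\System32\example_core.dll": sha256_hex(
        SAMPLE_FILES[r"C:\Windows\System32\example_core.dll"]
    ),
}


def heuristic_flags(data: bytes) -> bool:
    """Toy detection rule standing in for a bad definition: it fires on anything that starts
    with the PE 'MZ' marker, so it hits the clean system file too (the false positive case)."""
    return data.startswith(b"MZ")


def decide(path: str, data: bytes, catalog: dict) -> str:
    """Decide what to do with one file.

    Returns:
      'allow'          - not flagged, or flagged but identical to its known-good copy
      'quarantine'     - flagged and not in the catalog (an ordinary suspicious file)
      'alert-tampered' - catalogued system file whose hash does not match: report it and
                         restore the original instead of blindly deleting it
    """
    if not heuristic_flags(data):
        return "allow"
    expected = catalog.get(path)
    if expected is None:
        return "quarantine"
    if sha256_hex(data) == expected:
        return "allow"  # known-good copy: suppress the false positive
    return "alert-tampered"


def scan(files: dict, catalog: dict) -> dict:
    """Run decide() over every file and return path -> verdict."""
    return {path: decide(path, data, catalog) for path, data in files.items()}


if __name__ == "__main__":
    for path, verdict in scan(SAMPLE_FILES, KNOWN_GOOD).items():
        print(f"{verdict:15} {path}")
```

Keying the catalog by path is a simplification for the example; a real implementation would verify the file's digital signature (which covers the file hash) rather than trust a path, and would treat a mismatch on a system file as a reason to restore from a known-good source, not to delete.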


Posted

[quote name='Astra.Xtreme' timestamp='1356563653' post='595416928']
Actually it does matter because in this context, Microsoft is signing the files... You know, the one who creates the actual OS itself...
Never in the history of Windows has there been a built-in virus created by Microsoft themselves. And I'm sure there never will be.
Even if a core .dll (or such) was infected, the only option would be to delete it which would crash the system anyway. What good does that do for anybody? I'll say it again, there's no reason to scan something that will never be broken as long as checksums line up. All the trust you need is in the checksum. Nothing magical about it.
[/quote]

Sometimes you can disinfect system files or restore the original.


Posted

[quote name='Astra.Xtreme' timestamp='1356563653' post='595416928']
Actually it does matter because in this context, Microsoft is signing the files... You know, the one who creates the actual OS itself...
Never in the history of Windows has there been a built-in virus created by Microsoft themselves. And I'm sure there never will be.
Even if a core .dll (or such) was infected, the only option would be to delete it which would crash the system anyway. What good does that do for anybody? I'll say it again, there's no reason to scan something that will never be broken as long as checksums line up. All the trust you need is in the checksum. Nothing magical about it.
[/quote]

ugh

:facepalm:


Posted

I would like to see webroot's take on this. I know we have a rep or two that posts here.... I'd love for them to participate in this thread.


Posted

Hello,

Some anti-malware companies check Microsoft Windows Updates. That means applying the update across all combinations of Microsoft Windows in all service pack levels, editions, and languages that they support, in combination with all of [i]their[/i] products. This might be one or two thousand different configurations, so it's usually the sort of thing that's done headless in a server lab running all those configurations as VMs, although it could involve native hardware if there were a specific reason to do so ([i]e.g.[/i], a strategic partnership between the anti-malware company and a device manufacturer for some kind of turnkey solution).

Regards,

Aryeh Goretsky


Posted

[quote name='goretsky' timestamp='1356680067' post='595419306']
Hello,

Some anti-malware companies check Microsoft Windows Updates. That means applying the update across all combinations of Microsoft Windows in all service pack levels, editions, and languages that they support, in combination with all of [i]their[/i] products. This might be one or two thousand different configurations, so it's usually the sort of thing that's done headless in a server lab running all those configurations as VMs, although it could involve native hardware if there were a specific reason to do so ([i]e.g.[/i], a strategic partnership between the anti-malware company and a device manufacturer for some kind of turnkey solution).

Regards,

Aryeh Goretsky
[/quote]

Many people are allergic to hypervisors....
