Legacy AntiVirus products allow Unknown applications to execute on your computer!
(before we start you must listen to the music by clicking on the link below..its not the same without it 🙂 )
The Good, The Bad, The Ugly (aka unknown)
A computer file could be an executable or non executable type in general. The executable one is full of instructions telling the CPU (the intel thingy ) what to do, like show this character on the screen etc..just full of instructions..sometimes, these instructions could be some malicious things like, copy the password and email it to fraudster etc…Unknown
A file can be in 3 states
1) A good file
2)A bad file
3)Unknown file
A system, like legacy Anti virus products work in the main with “Blacklisting” architecture.
They work by saying: “if you are in the blacklist you are not allowed to execute in this computer”.
So lets take the files and push it thru a legacy antivirus to see if their architecture works.
Journey of a Good file…
We take a Good file and push it thru an antivirus…antivirus checks this against their blacklist..it can’t find it there so lets it go ahead and execute…all well and good so far…great…..
Journey of a Bad file…
next…lets take a bad file….(lets be nice and say that this is a bad file that the legacy antivirus knows about, cos there are many bad files that legacy Anti virus products know about, as No single Antivirus company can have 100% visibility to ALL the malware out there, period)..but lets be nice :)…so take the bad file and push it thru a legacy Antivirus….antivirus check this against their blacklist and bingo..it detected it and stopped it from executing….welldone legacy antivirus!!
Journey of an Unknown file…
Now lets take an unknown file and push it thru a legacy antivirus product, it will check against its blacklist…is it there? Nope…so lets just let it go ahead and execute..after all its not in its blacklist….
so what did i just execute?
What was that unknown file that I just executed? Was it good or bad? Afterall it can either be good or bad…. so using a “blacklisting” architecture you just allowed potentially malicious application to run and damage your computer!
If you were writing Viruses…
Now, lets say you are writing viruses for living…and believe me there are many out there that does that and many more who use these to make money from them. What would be the first thing you would do when you created your malicious creation?
Yep, you guessed it right…you would first check to make sure popular legacy Antivirus products don’t detect it. Afterall, if you are intelligent enough to write a virus, you should have an ounce of brain (used for wrong purposes….) to check if your virus is detected or not. And yes you make sure its not detected and then you release it on people….
But wait!!!
This new virus/malware that this Virus author just released will be an “unknown” file and will be executed….errrmm…yes…it will…..so now you know you are MAD MAD MAD to rely on a legacy Antivirus that still uses “blacklisting” techniques in an attempt to protect you but fail miserably!
Yeah but Legacy AntiVirus products have heuristic built in…..
Damn, didn’t know that 🙂 oh really, well everything is fine then…:) (sorry for the sarcasm….:) Heuristic is also based on “blacklisting method”, these are rules that identifies files/behaviours that matches a blacklist of rules. The architecture is still the same! You are still running the “risk” by “executing” “unknown” applications. Do these things detect more..sure they do…do they eliminate the risk, hell no!
So if you don’t want to run your computer or your business like a lottery and letting your security applications run “unknown” applications, then better use Comodo 😉
Melih