The effectiveness of Antivirus software

[Chicog]

People are always asking here what the best current AV is. This is not to influence any such decisions, but merely to point out that having up to date AV installed is simply not enough these days.

One on of my accounts, I received an obvious Phishing message, with a RAR attachment, so I decided to extract it (it was a .EXE file) and submit it to Virustotal, one of several online virus scanners. I was quite surprised to see only 12 of 50 scanners identified it as malware.

I know there will always be some disparity between the various AV engines, but I still find this quite surprising.

Moral of the story? AV is not enough, you have to practice secure behaviour in everything you do.

And I double checked at a couple of others as well, with the same result.

Antivirus Result Update Ad-Aware Gen:Variant.Symmi.23532 20140217 BitDefender Gen:Variant.Symmi.23532 20140217 CMC Heur.Win32.Veebee.1!O 20140213 ESET-NOD32 a variant of Win32/Injector.AXVQ 20140217 Emsisoft Gen:Variant.Symmi.23532 ( 20140217 F-Secure Gen:Variant.Symmi.29873 20140216 GData Gen:Variant.Symmi.23532 20140217 Kingsoft Win32.Troj.Generic.a.(kcloud) 20140217 Malwarebytes Trojan.Dorkbot.ED 20140217 MicroWorld-eScan Gen:Variant.Symmi.29873 20140216 Qihoo-360 HEUR/Malware.QVM03.Gen 20140217 Rising PE:Trojan.VBInject!1.6546 20140217 AVG 20140216 Agnitum 20140216 AhnLab-V3 20140216 AntiVir 20140217 Antiy-AVL 20140217 Avast 20140217 Baidu-International 20140217 Bkav 20140214 ByteHero 20140217 CAT-QuickHeal 20140217 ClamAV 20140217 Commtouch 20140215 Comodo 20140217 DrWeb 20140217 F-Prot 20140215 Fortinet 20140217 Ikarus 20140217 Jiangmin 20140217 K7AntiVirus 20140217 K7GW 20140217 Kaspersky 20140217 McAfee 20140217 McAfee-GW-Edition 20140217 Microsoft 20140217 NANO-Antivirus 20140216 Norman 20140217 Panda 20140216 SUPERAntiSpyware 20140216 Sophos 20140217 Symantec 20140217 TheHacker 20140217 TotalDefense 20140217 TrendMicro 20140217 TrendMicro-HouseCall 20140217 VBA32 20140217 VIPRE 20140217 ViRobot 20140217 nProtect 20140216

[Chicog]

Unfortunately that didn't format very well, but essentially everything from AVG (line 4) onwards missed it.

[MJCM]

Good one !!

Possible to post the Virustotal link or maybe post a screenshot to make it even clearer ?

[CharlieH]

Condom stretched over the keyboard works best, no virus at all.

[Chicog]

Good one !! Possible to post the Virustotal link or maybe post a screenshot to make it even clearer ?

Virustotal is www.virustotal.com

I'm not sure if the direct link will work but you can try it:

https://www.virustotal.com/en/file/c6e617dcc864607f008f43cb4c3412b040b4f447178ee836f4ed04e436689930/analysis/

[Chicog]

Condom stretched over the keyboard works best, no virus at all.

Hilarious. I'd consider a career in mime if I were you.

[MJCM]

Good one !! Possible to post the Virustotal link or maybe post a screenshot to make it even clearer ?

Virustotal is www.virustotal.com

I'm not sure if the direct link will work but you can try it:

https://www.virustotal.com/en/file/c6e617dcc864607f008f43cb4c3412b040b4f447178ee836f4ed04e436689930/analysis/

Thanks, I have a API key for Virustotal, but not a lot of virusscanners seem to take advantage and incorporate this into their program (Hitmanpro is one of the few) but maybe this is because of their terms

Link: https://www.virustotal.com/en/documentation/public-api/

But Ontopic here a screenshot of Chicog's scan, where you clearly can see that both AVG and AVAST don't (yet) detect this virus and only 12 out of 50 do

Edited February 17, 2014 by MJCM

[DogNo1]

Thanks. I always keep the free copies of malware bytes and ad aware handy and scan with them periodically.

[fasteddie]

Thanks. I always keep the free copies of malware bytes and ad aware handy and scan with them periodically.

OK, we heard you the first time.

[oxo1947]

I really like the Baidu set up---- I am a computer blond, but have had no problems with it, recently someone told me that it was hard to uninstall.....so I tried it & it was no problem, & no problem for me reads anyone can do it. I also like the computer check that they do to clear junk files. registry etc. I first ran it along side AV ,but it was finding & clearing stuff AV didn't pick up on, it kicks in & checks every time a USB external is inserted. Also run malware bytes. Good program.

[Jonmarleesco]

'... you have to practice secure behaviour in everything you do.' Not easy when you can't remember how you got wherever you are, or who is lying next to you...

[Chicog]

'... you have to practice secure behaviour in everything you do.' Not easy when you can't remember how you got wherever you are, or who is lying next to you...

You've already ignored my advice if you've got that far.

[MJCM]

'... you have to practice secure behaviour in everything you do.' Not easy when you can't remember how you got wherever you are, or who is lying next to you...

In this case the solution from post #4 should be able to give you good protection

Sent from my iPad using Thaivisa Connect Thailand

Edited February 18, 2014 by MJCM

[mikebell]

'... you have to practice secure behaviour in everything you do.' Not easy when you can't remember how you got wherever you are, or who is lying next to you...

You've already ignored my advice if you've got that far.

This is amazing. I tried to contact you yesterday for advice as my computer had 'caught' the 'Awesomehp.com' virus. I am by protected Avast/Microsoft Essentials. I tried everything to no avail. When I ran Malwarebytes it supposedly picked up on 200 corrupted files/malware, all missed by the previous safety blankets.

The infection didn't appear anywhere yet it hi-jacked my internet access.

Eventually I uninstalled Chrome & started again & that seems to have fixed it.

[kaveh]

Installing and even using AV software %100 correctly never make you %100 safe. And it’s not a big deal because viruses are not the only cyber threat.

This will be a big technical article to address the whole issues behind cyber threats but I’m gonna make it just in a few words: don’t mix up viruses with malwares and specially any social engineering methods. Even the state-of-the-art antivirus software or professional “security suites” cannot detect all malicious behaviors of malicious software, and finally there could be even no software engaging a threat, just a social engineering method to extract whatever you think from your PC!

As a practical answer, the only thing which normal end users should consider regarding using an AV is just your system performance and I’d never recommend a huge security suite for protecting you; just use a light AV engine and don’t pay for complicated applications; there’s a simple rule of thumb in security industry: more complicated, more risk to security flaws

[mrfaroukh]

McAfee Internet Security is one of the best I used.

[MJCM]

McAfee Internet Security is one of the best I used.

and the most resource hugging one

Sent from my iPad using Thaivisa Connect Thailand

Edited February 18, 2014 by MJCM

[thrilled]

Anti virus software not as good as cracked up to be.Many new viruses coming out are missed by anti virus systems.It's A game of cat and mouse.The mice are winning.The anti virus companies are making money hand over fist and are only doing A so so job.

[manarak]

that's why in addition to antivirus, it is necessary to also have both a firewall and a behavioral shield.

Nowadays, the firewall's main use is to block suspicious outgoing connexions.

But making the right decisions about which actions or connexions to allow requires some skill.

[olddoc]

I for years now have used AVG( free) and Zone Alarm(free) and have never experienced any problem.

Guess it depends on ones "surfing " habits!

[Chicog]

It's always good to use an addon like WOT as well.