Are you using antivirus?
My guru once said that he does not use antivirus on his Windows 7 system. The best antivirus for your OS is, of course, a wise human. For me, in those days, it was as if someone had said to me: “I come from Mars”. But day after day I began realizing the truth of these words.
I began digging into how AVs and the Windows system work.
Fingerprinting and Heuristics
A fingerprint is a short sequence of bytes extracted from the body of a specific virus strain. If a given fingerprint is found, the content is reported as infected.
Heuristic anti-virus technology detects infections by scrutinizing a program’s overall structure, its computer instructions and other data contained in the file.
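To make the difference between the two approaches concrete, here is an added example (not code from this post or from any AV product) that runs an exact-match fingerprint scan and a simple heuristic score over the same files. The signatures, sample files, weights and thresholds are all constructed for illustration.

```python
import math
from collections import Counter

# Constructed fingerprint database (not real malware signatures).
SIGNATURES = {
    "Demo.StrainA": bytes.fromhex("deadbeef4142430090"),
    "Demo.StrainB": b"\x90\x90DEMO-PAYLOAD\xcc",
}
# Assumed heuristic weights for Win32 API names found in the file.
SUSPICIOUS_STRINGS = {b"GetAsyncKeyState": 3, b"SetWindowsHookEx": 3, b"BitBlt": 1}

def fingerprint_scan(data: bytes) -> list:
    """Names of all strains whose exact byte sequence occurs in data."""
    return sorted(name for name, sig in SIGNATURES.items() if sig in data)

def shannon_entropy(data: bytes) -> float:
    """Bits per byte; packed or encrypted content approaches 8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def heuristic_score(data: bytes) -> int:
    """Score the file's contents as a whole instead of matching one sequence."""
    score = sum(w for s, w in SUSPICIOUS_STRINGS.items() if s in data)
    if shannon_entropy(data) > 7.2:  # assumed threshold
        score += 2
    return score

def verdict(data: bytes, threshold: int = 4) -> str:
    hits = fingerprint_scan(data)
    if hits:
        return "infected:" + ",".join(hits)
    return "suspicious" if heuristic_score(data) >= threshold else "clean"

# Constructed samples: VARIANT differs from ORIGINAL by one signature byte.
_sig = SIGNATURES["Demo.StrainA"]
ORIGINAL = b"MZ" + bytes(16) + _sig + b"GetAsyncKeyState\x00SetWindowsHookExW\x00"
VARIANT = ORIGINAL.replace(_sig, _sig[:4] + bytes([_sig[4] ^ 0xFF]) + _sig[5:])
BENIGN = b"MZ" + b"hello world " * 4

if __name__ == "__main__":
    for name, blob in (("original", ORIGINAL), ("variant", VARIANT), ("benign", BENIGN)):
        print(name, fingerprint_scan(blob), heuristic_score(blob), verdict(blob))
```

The variant no longer matches any fingerprint, but the heuristic layer still flags it, which is why scanners combine both.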
We can mislead these two by using the following methods:
- github.com/912d/…Main.cpp#L81: that function allocates some memory, waits a few seconds, then releases it. It fools the AV into thinking that we need a huuuge amount of RAM. Which virus wants that much memory? For what? To be noticed immediately?
- by using a non-invasive method to do “evil” things. What do I mean? Let's say we want to log keystrokes.
We can hook methods or use methods like these: virtual keyboard to char, virtual keyboard to char.
These methods are undetectable by modern AVs (detection rate at VirusTotal).
And that’s the way the pseudovirus from the title works.
By the way, there is a function to take a screenshot. A simple method.
The CImage class is unusual; that is why I must import the GDI+ library and develop this pseudoprogram, I mean, pseudovirus, in Microsoft Visual Studio.
And I must admit, I’m a noob. So let’s imagine what a decent win32 programmer can write.
That’s why I don’t use antivirus.
PS: I added a new category below the post: recommended reading. It is somewhat related to the article, because it shows what great coders can achieve. Also, I recommend almost all articles on Gyn’s blog.