Quote:
Originally Posted by MeTh0Dz|Reb0rn
There are so many problems with what you just said, Telboon.
First off, anyone can write (okay, not anyone) a virus that won't get detected by an online virus scanner. As long as your code isn't too similar to virus definitions already in its bank.
The virus signature is a set of bytes in a virus that have been identified as belonging to a virus. Anyone still wondering can read this: Computer virus - Wikipedia, the free encyclopedia
So basically before the virus can be detected there has to be a signature that identifies it.
Firstly, my question is to ask what a signature of a virus is. I'm not self-gratifying, in case you are mistaken. The program I stated is to explain my point, which is that the process of a virus infecting and doing its payload is legitimate. Before the signature gets explained, here come virus definitions. Very helpful. I know all these terms exist to identify viruses (duh!), but how exactly does it do it? THAT is what I want to know, instead of what it is.
Set of bytes. Now we are getting somewhere, but what exactly is that set of bytes? What defines that set of bytes? The set that is malicious, or just random bytes? Are antivirus makers so sure no other legitimate software will have this set of bytes by coincidence? How about my program? It does what a standard virus does (or maybe just a part of it), but why isn't the "evil set of bytes" found in my program?
So basically, what is special about that set of bytes that the antivirus can be so sure of, to claim that the program is a virus?
PS: By the way, the virus scanners had heuristic scanning turned on. But just to avoid confusion, let's leave the heuristic part out, first.
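The byte-signature matching discussed in the quoted post, as an added example that is not part of the original thread. The signature names, byte patterns and sample buffers are constructed for illustration, and the chance-match estimate assumes uniformly random bytes, which real programs are not.

```python
import re

# Constructed signature database: name -> hex pattern, "??" matches any byte.
SIGNATURES = {
    "Example.Virus.A": "de ad be ef ?? ?? 13 37 c0 de",
    "Example.Virus.B": "fe ed fa ce 00 ?? ba be",
}

def compile_signature(hex_pattern):
    """Turn a pattern such as 'de ad ?? 13' into a compiled bytes regex."""
    parts = []
    for token in hex_pattern.split():
        if token == "??":
            parts.append(b".")  # wildcard: exactly one arbitrary byte
        else:
            parts.append(re.escape(bytes.fromhex(token)))
    return re.compile(b"".join(parts), re.DOTALL)

COMPILED = {name: compile_signature(p) for name, p in SIGNATURES.items()}

def scan(data):
    """Return [(signature_name, offset)] for every signature found in data."""
    hits = []
    for name, rx in COMPILED.items():
        hits.extend((name, m.start()) for m in rx.finditer(data))
    return sorted(hits, key=lambda h: h[1])

def expected_chance_hits(hex_pattern, data_len):
    """Expected number of coincidental matches in data_len uniformly random
    bytes: each fixed byte matches with probability 1/256 at each position."""
    tokens = hex_pattern.split()
    fixed = sum(t != "??" for t in tokens)
    positions = max(data_len - len(tokens) + 1, 0)
    return positions / 256 ** fixed

# Constructed samples (none of these are real program bytes).
KNOWN = b"\x90" * 16 + bytes.fromhex("de ad be ef 01 02 13 37 c0 de") + b"\x00" * 8
VARIANT = bytes.fromhex("de ad be ef aa 0a 13 37 c0 de")  # other wildcard bytes
UNRELATED = b"MZ" + bytes(range(256))  # different bytes, no signature present

if __name__ == "__main__":
    for label, buf in (("known", KNOWN), ("variant", VARIANT), ("unrelated", UNRELATED)):
        print(label, scan(buf))
    # An 8-fixed-byte signature versus a 2-byte one over 1 MB of random data.
    print(expected_chance_hits(SIGNATURES["Example.Virus.A"], 1_000_000))
    print(expected_chance_hits("4d 5a", 1_000_000))
```

The scanner reports only exact byte sequences from its database, so a buffer is flagged because it contains those bytes, not because of what the program does when run.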