Why Your Antivirus Sucks

Recently I’ve been going hard at it with C# virus detection and cracking WPA2 passwords. I’ve had a growing interest in cyber security since my senior year of high school. Cyber security is probably one of the more difficult things I’ve taken an interest in. One big part of protecting yourself from hackers and virus creators is your antivirus and firewall. Today I’m going to explain to you why your antivirus sucks.

Disclaimer: I test these methods on my own network of computers, nothing more. I do not commit any malicious acts using this information. I simply educate others on how unsafe they really are.

Why does your antivirus suck?

Let’s start with the basics on why your antivirus sucks. First off, Windows Defender. Windows Defender is the basic antivirus that any Windows computer comes with by default. Pretty sure it’s only available on Windows 8 and above. Truthfully, Windows Defender isn’t that bad. However, Windows Defender still sucks in some cases.

I currently work at a Chrysler subsidiary where I help dealership mechanics with their wiTECH software problems. One of the emails we received a few months ago was about the DRB Emulator, which is software the dealerships use to work on pre-2008 vehicles. The email stated that Windows Defender had detected a Trojan virus inside the DRB Emulator.

I had to explain to the customer that this is what is called a “false positive”. Unfortunately Windows Defender has a lot of false positives. Windows Defender also does not pick up all viruses, but it definitely catches most of them if they use common methods. Even if the virus isn’t well known or in Microsoft’s database, Defender checks the code of the virus for those common methods.

Yeah, but it still detects viruses and stops them

However, there is an easy way around this. Simply encrypt the virus by shifting around a few bytes in the executable file and BOOM, the virus is not detected. This is not just an issue with Windows Defender; it is an issue with almost all antiviruses. On top of this, if your virus is like mine, it modifies itself on installation. This means that when it is installed, it renames itself to something else to avoid being caught at run-time.

I’m not going to post my VirusTotal report because I don’t want my virus in any databases (for development and penetration testing reasons), but my VirusTotal score was 4/60, which is virtually undetectable. Keep in mind that VirusTotal runs the sample through many different antivirus products, such as Windows Defender, Avira and Kaspersky. The reason for the low score is that I coded my virus from scratch using basic C# methods. I didn’t use any rootkits or anything else that common hackers use, so there was nothing to detect. All of my DLLs are embedded in the executable file as well, which leaves even less on disk to detect. Then on top of that, everything is encrypted.
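To make the signature-evasion point above concrete from the detection side, here is an added Python example (mine, not the author’s code and not his virus). It builds a harmless, constructed stand-in for an executable and runs three checks a scanner might apply: an exact-hash blocklist, a byte-pattern signature, and a Shannon-entropy heuristic. The sample bytes, the signature string, the key and the 7.0 bits-per-byte threshold are all assumptions made up for the demonstration. It shows why a one-byte change defeats the hash check and why a whole-file byte transform defeats the pattern check, and adds two caveats a defender wants to know: a single-byte XOR is a bijection on bytes, so a scanner can undo it by trying all 256 keys, and a properly encrypted blob escapes that brute force only by becoming high-entropy, which is itself something a heuristic can flag.

```python
import hashlib
import math
from typing import Dict

# Constructed stand-in for an executable: a harmless byte string, not a real
# PE file and not malware. Every value here is made up for this example.
SAMPLE_BINARY = (
    b"MZ\x90\x00"
    + b"This program cannot be run in DOS mode.\r\n"
    + b"\x00" * 1024
    + b"EXAMPLE_STAGE_STRING"
    + b"\x00" * 1024
)

# The byte pattern a signature-based scanner is assumed to key on (constructed).
SIGNATURE = b"EXAMPLE_STAGE_STRING"

# Hash of the known-bad sample, as a hash-based blocklist would store it.
KNOWN_BAD_SHA256 = hashlib.sha256(SAMPLE_BINARY).hexdigest()

# Entropy at or above this many bits per byte (max 8.0) is treated as
# "looks encrypted or packed". Threshold is an assumption for the demo.
HIGH_ENTROPY_THRESHOLD = 7.0


def xor_single_byte(data: bytes, key: int) -> bytes:
    """The trivial "shift a few bytes" transform: XOR every byte with one key."""
    return bytes(b ^ key for b in data)


def keystream_encrypt(data: bytes, key: bytes) -> bytes:
    """Toy stream cipher (SHA-256 in counter mode as keystream). It stands in
    for "everything is encrypted" and exists only to produce a high-entropy
    blob for the scanner to look at; it is not a recommended cipher."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte, between 0.0 and 8.0."""
    if not data:
        return 0.0
    n = len(data)
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def scan(data: bytes) -> Dict[str, bool]:
    """Four verdicts a scanner might produce, from cheapest to most heuristic."""
    hash_hit = hashlib.sha256(data).hexdigest() == KNOWN_BAD_SHA256
    pattern_hit = SIGNATURE in data
    # Single-byte XOR preserves byte structure, so the scanner can try all 256
    # keys on the signature itself and look for each transformed pattern.
    xor_hit = any(xor_single_byte(SIGNATURE, k) in data for k in range(256))
    entropy_hit = shannon_entropy(data) >= HIGH_ENTROPY_THRESHOLD
    return {
        "hash": hash_hit,
        "pattern": pattern_hit,
        "xor_bruteforce": xor_hit,
        "high_entropy": entropy_hit,
    }


def demo() -> Dict[str, Dict[str, bool]]:
    """Scan the original sample and three transformed copies of it."""
    variants = {
        "original": SAMPLE_BINARY,
        # One byte changed anywhere in the file: the hash signature is gone.
        "one_byte_changed": SAMPLE_BINARY[:-1] + b"\x01",
        # Whole file XOR'd with one key: the pattern signature is gone, but
        # entropy is unchanged and the 256-key brute force still finds it.
        "xor_0x5a": xor_single_byte(SAMPLE_BINARY, 0x5A),
        # Keystream-encrypted blob: pattern and XOR brute force both fail,
        # and the only thing left to notice is that it looks like noise.
        "stream_encrypted": keystream_encrypt(SAMPLE_BINARY, b"example-key"),
    }
    return {name: scan(blob) for name, blob in variants.items()}


if __name__ == "__main__":
    for name, verdicts in demo().items():
        print(f"{name:18s} {verdicts}")
```

The takeaway for a defender is that each static check is brittle on its own: hashes fail on any edit, patterns fail on any re-encoding, and entropy flags legitimate packed or compressed files too. Real products layer these with emulation and run-time behaviour monitoring, which is where a self-modifying or encrypted sample has to reveal itself eventually, because it has to decrypt and run.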

Antivirus cannot detect the methods that real developers like myself use. Therefore, your antivirus is practically useless against any real hackers. If they want your data, they will find a way, because real hackers and developers write their own viruses and usually code their own methods. Your data is never fully safe anymore, and you’re a fool if you think it is.

Prove my antivirus sucks.

Well, there’s not much to prove unless you want to do a little bit of research. A good example of antivirus failing would be the massive ransomware attacks that hit major hospitals earlier this year (mid-May of 2017). That was just one single article on these types of attacks. If you’d like to read more about it, just google “ransomware attacks” or “WannaCry virus” and you’ll find a bunch of them.

I was working at Birmingham Geek out in Birmingham, MI at the time of these attacks. During this period we had a major spike of ransomware attacks in the area, which generated a lot of business for us. We had at least 3-4 people come in every week with ransomware on their computers. We had to tell the customers to contact a data recovery company to decrypt their files for them. Most of them just ended up paying the ransom because it was cheaper.

How can we make it not suck?

If you truly want to be safe, you won’t be until your antivirus provider cares about your safety as much as you do. When antivirus companies start hiring people who have made viruses from scratch, their users will be that much safer. Get someone who knows how viruses work. Have them engineer detection methods to find their own viruses; then you will have a real antivirus. Until then, you’re just dodging script kiddies.

Hire someone who knows how it works like myself. You need an engineer to reverse-engineer these viruses and figure out how to stop them. Otherwise you’re just dancing around the fire.

