46 anti-virus programs failed the test!

If a bored IT professional can circumvent nearly fifty well-known anti-virus products in a matter of hours with simple techniques, it’s a concern for privacy. If there is also a manufacturer who just waves this away, that is scary enough already.

Although most IT professionals are aware that antivirus software is not perfect, how much effort it takes to bypass it has not really been studied so far. However, IT security expert Attila Marosi bypassed 10 anti-virus products and, along the way, firewalls in 12-46 hours, using simple techniques that can be easily found on the Internet, all of which will be presented at the Ethical Hacking conference on May 9th.

“During testing, I used the so-called Metasploit shell_reverse_tcp, which provides remote access to the attacker. This is malware that is well known to the IT security community, and antivirus products regularly alert on it in tests. If such a well-known program can be hidden, there is a big problem, and the 46 anti-virus programs examined did not raise an alarm,” explained Attila Marosi, the conference speaker.

The specialist then went on to run a runtime test on the 9 most popular antivirus products. However, the results were not exactly convincing here either: only three antiviruses alerted, and only two of them blocked the activity.

According to the expert, the reason most antivirus software is so simple to get around is that antivirus programs either do not include the features that manufacturers claim, or they have them but they only work under a "certain star position", so they can be easily circumvented.

“There was a manufacturer to whom I sent the solution to bypass their antivirus and firewall, but the answer was that it wasn’t a mistake because they could write a signature for it. However, this is not true, as this pattern only works until I change the code. Of course, there was also a manufacturer who was shocked by the result and is trying to eliminate the mistakes,” said the IT security specialist.

According to Attila Marosi, who will present the method of bypassing antivirus in detail at the Ethical Hacking Conference on May 9, the solution may be actual separation, and there is already an operating system that can block applications from unknown sources or without signatures from running. In addition to signature-based detection, even more attention should be paid to real-time detection of malware, in which anti-virus software still has a long way to go. The various tests should also move in this direction. “In most tests, attributes such as speed are highlighted,” explained Attila Marosi. “However, if a business plan worth millions is stolen from your computer, it is worth considering whether the few percent speed difference between antivirus software is really that important.”

Clear antivirus

This will not be the only presentation on the topic at the Ethical Hacking Conference. Another that promises to be interesting is Buherator: "Antivirus from a clear sky, or the shady sides of cloud-based defense", a presentation by a Silent Signal IT security expert that explores key issues in service-based endpoint protection and provides practical examples of the unpleasant consequences of over-reliance on vendors.

Testing process

During testing, Attila Marosi “packaged” Metasploit shell_reverse_tcp using relatively simple methods that are readily available on the Internet to hide it from antivirus systems. He then conducted an online scan test on virustotal.com in which none of the 46 antiviruses that could be tested indicated a problem.

He repeated the tests with the 9 most popular antivirus products on virtual machines, and even in a real-world environment, where only three indicated suspicious behavior once the malware was already running. Although two antivirus products blocked it at runtime, they did not know what the malicious code was.

In addition, the final solution managed to bypass firewalls, proving that these applications are not protected by most manufacturers compared to each other.

About the Author

s3nki

Owner of the HOC.hu website. He is the author of hundreds of articles and thousands of news items. In addition to various online outlets, he has written for Chip Magazine and for PC Guru. For a time he ran his own PC shop, and he worked for years as a store manager, service manager and system administrator alongside journalism.