Monthly Archives: April 2012

Why Antivirus Programs Fail

This is a real example of why just relying on an antivirus to detect all malware will fail. Today I got, for the nth time, a few of those scam emails that have an infected attachment and a message enticing me to open it. Since I hate to disappoint, I went ahead and opened one, just to see what my antivirus would do (But also having fail-safe measures in place).

I’m currently using Kaspersky Internet Security 2012, one of the top security suites and my current favorite. Normally upon receipt of the email Kaspersky would quarantine the suspicious attachment… if it detects it as malicious. But it didn’t. The attachment was compressed in a file, so I thought maybe that’s why and went ahead and extracted the file from it. Nothing. No response from Kaspersky. So I forced a scan of the object, and still was not detected as malicious!

I then went to a website where individual files can be scanned by many scan engines. This particular one scans the file against 42 different engines. Kaspersky, Avast, Symantec, VIPRE, McAfee, you name it. All the big brands and more. Well, only 4 out of the 42 detected the file as malicious!

Why is that? Because the creation of different malware samples outdoes by far the updating of signature files (the files that tell your antivirus program which files are good and which ones malicious). Signature files are what antivirus scanners mostly depend on to detect malware.

I said it in 2009, and I’ll reiterate it today. Want to have a better chance at staying malware-free? Follow the model I laid out back then, in my pivotal article on the subject.


P.S.: 4/12/12: It’s the morning after, and I decided to analyze that piece of malware in detail, so I tried to fetch it from the trash folder in my email… Wasn’t able to. Kaspersky beat me to the punch and deleted it. In re-analyzing the file (from an alternate source) against the 42 scan engines, the count had changed to 7 out of 42 recognizing it as malware. Kaspersky was one of them. So relatively good.

Computer Basics – The Two Basic and Most Commonly Misunderstood Computer Terms

The first one is “byte”. We’ve all seen it. “Transmission speed: 500 Kilobytes per second”. “Storage capacity: 500 Gigabytes”. Or perhaps “Oh yeah? Mega-byte me!” 🙂

So what is a byte, in terms of computers and telecommunications? The simplest answer: A unit of information. It consists of 8 of the most basic units of information: The bit. Why 8 and not 7 or 9? That’s irrelevant to the scope of this article, so we’ll leave that at that.

OK So what the hell is a bit then? the term is a contraction of BInary digiT. Or maybe Binary digIT. Anyways, “binary” refers to the numerical system, based on 2 and only 2 possible values: 0 and 1, or false and true, yes and no, on and off, positive and negative, yin and yang… you get the idea. “Digit” is a symbol that represents a number. 0, 1, 2, 3, 4, 5, 6, 7, 8, 9 are, in current Western culture, the ten digits.

So a bit can only have two possible values: 0 or 1. That sort of explains the idea that computers can only think in terms of numbers. And only two numbers at that. No matter what you see your computer doing, whether you are composing an email, watching a video, reading this, all the computer is doing is thinking “0, 1, 0, 1, 1, 0, 0, 1, 0, 0, 1, 1” and so forth.

Getting a headache from so much significance? For a graphic representation of a bit, watch the movie TRON. Or, for fast forwarding to the good part, watch this video clip of the TRON scene where the bit is introduced:

Have fun!