Antivirus companies constantly monitor malware activity worldwide. The antivirus analyzes the files running on the computer and sends that data to the company, so the signature database stays as current as possible. But how does the antivirus detect malicious content in the first place, if no antivirus has it in its database yet?
Malware uses similar mechanisms
The key lies in the mechanism used by the malware, which is usually the same as that of other malware the antivirus already knows. For example, the malware's code is analyzed, and it can be detected if malicious intent is found in it. If that check misses it, and the malware then tries to encrypt the whole computer at once, or to modify system files in an automated pattern, the antivirus can detect that behavior and block it on the spot.
This type of detection mechanism can lead to false positives. This is the case, for example, with cracks for programs, which perform actions such as modifying the program's code, or even the system, to bypass detection mechanisms. All of this is detected as malicious by the antivirus and blocked at the root.
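As an added illustration (not code from the article), the following is a toy behavioral heuristic of the kind the text describes, run over a constructed file-event trace: it flags a process that touches many files in a short window, or that writes to system directories. The thresholds, event format and paths are assumptions, and the crack-style process in the sample shows why such a rule can produce the false positives mentioned above.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class FileEvent:
    ts: float   # seconds since trace start (constructed sample data)
    pid: int
    op: str     # "write", "rename" or "delete"
    path: str

# Heuristic thresholds: assumed values, tuned only for the sample below
WINDOW_SECONDS = 5.0
MAX_FILES_PER_WINDOW = 20
SYSTEM_PREFIXES = ("/usr/", "/etc/", "C:\\Windows\\")

def score_processes(events):
    """Return {pid: set of reasons} for processes whose file activity matches
    the two patterns the text mentions: mass modification of files in a short
    window, or writes/deletes under system directories."""
    by_pid = defaultdict(list)
    for ev in sorted(events, key=lambda e: e.ts):
        by_pid[ev.pid].append(ev)
    flagged = defaultdict(set)
    for pid, evs in by_pid.items():
        start = 0  # sliding window over this process's events
        for end in range(len(evs)):
            while evs[end].ts - evs[start].ts > WINDOW_SECONDS:
                start += 1
            touched = {e.path for e in evs[start:end + 1]}
            if len(touched) > MAX_FILES_PER_WINDOW:
                flagged[pid].add("mass-modification")
                break
        if any(e.op in ("write", "delete") and e.path.startswith(SYSTEM_PREFIXES)
               for e in evs):
            flagged[pid].add("system-file-tamper")
    return dict(flagged)

def sample_events():
    """Constructed trace: pid 100 rewrites and renames 30 documents in 3 s
    (ransomware-like), pid 200 overwrites a binary under /usr (the crack-style
    modification the text says trips the same rule), pid 300 is benign."""
    evs = []
    for i in range(30):
        evs.append(FileEvent(0.1 * i, 100, "write", f"/home/u/doc{i}.docx"))
        evs.append(FileEvent(0.1 * i + 0.05, 100, "rename", f"/home/u/doc{i}.docx.locked"))
    evs.append(FileEvent(1.0, 200, "write", "/usr/bin/app"))
    evs.append(FileEvent(2.0, 300, "write", "/home/u/notes.txt"))
    evs.append(FileEvent(9.0, 300, "write", "/home/u/todo.txt"))
    return evs
```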
But some zero-day vulnerabilities slip through
Unfortunately, none of this works every time, and there are antivirus programs that fail to detect so-called zero-day vulnerabilities. These are security flaws that have not yet been patched, whether in software or even in hardware. We saw an example with WannaCry: computers that did not have the patch installed were infected without the antivirus being able to detect it, since many machines had neither the operating system update needed to install the patch nor an antivirus able to detect the attack.
At AV-TEST, the best antivirus security analysis website, they test millions of threats, both known and unknown. In fact, they maintain a database of zero-day threats that they use to check whether an antivirus is up to date in terms of protection.
In the latest test, whose results were published this week, they verified protection against 303 zero-day vulnerabilities. Virtually all the antivirus products passed with high marks and protected against all of them, but one that normally blocks everything failed: ESET. That antivirus let four zero-day vulnerabilities through.
For this reason, some malware may escape the antivirus, which is why we must always be careful with what we do on the computer and with the content we visit or run. It also shows that it is worth doing a full scan of the computer from time to time, since months or years ago we may have downloaded and kept a file containing malware that the antivirus could not detect at the time. So if you have a folder of programs, some of which have not been run in years, and you run the antivirus over it, you may well find that it detects a malicious file.