My Anti-Malware Could Not Detect a Malware

Companies developing Anti-Malware products are having a common goal to make sure all known malwares are being detect and remove from the system, in addition they want to make sure unknown or undiscovered malwares could not bring harm to a system. Achieving such a goal would be done in number of ways. In order to make sure all known malwares in the world are being detect and remove, they will work with several organizations and other security companies. When there is a sample of new malware, they will share it in public blacklist of malwares so other Anti-Malware vendors would have access to those samples and they could develop Anti-Malware signature which remove the malware using it. This part required on-going collaboration and international work with organizations all over the world. The difficult part is to detect an unknown or undiscovered malware. It is not easy to detect and remove something which we are not aware of it. In this case Anti-Malware vendors develops techniques to detect unknown threats based on their behaviors, similarity of actions with former malwares , analyzing previous vulnerabilities or malware infections, etc. Companies will use different ways and techniques to detect unknown malwares and sometimes such a detection might lead to incorrectly detect a safe software as malware. In most cases, when an Anti-Malware detects suspect programs that seems to be a malware, it will placed it in quarantine (a place to place malicious code which could be removed or recovered later) and will send it as sample to research team if the user permit the Anti-Malware to do so. These samples will analyze and if they been confirmed as malware, then they will release a signature through update to completely detect and remove it and its dependencies. In case that it detect as safe, then another signature will release to mark it as safe so it won’t detect as malware anymore.

Even though Anti-Malwares companies spending several resources on research and detect malwares, there are still possibilities that an Anti-Malware product could not detect a malware. This issue applies to all Anti-Malware products and in all operating systems. Some users said that we are switching to platforms like Linux or Mac, so we don’t have issue with malwares. Well, that is NOT true, you are not safe from getting infected with unknown malware, no matter what platform or what Anti-Malware are you going to use. This is unfortunate fact and we should deal with it. However, there are ways to control situations and keep malwares far away from ourselves. In order to protect yourselves against unknown malicious programs:

1)      Use operating systems with strong security foundation like Windows 8.1, in architecture of Windows there is a concept of defense in depth, it means your Anti-Malware is only one of defense layer of your system and if a malwares bypass it, there are other protection features in Windows like DEP or ASLR which could protect you.

 

2)      If you see any suspect files or programs, report it to your Anti-Malware manufacturer. All Anti-Malware companies will have a ways to ask user to do a manual submission of suspect files. For Microsoft, you could submit to Microsoft Malware Protection Center.

 

 

3)      If you run scan with another Anti-Malware scanner and it detects samples which might not detect with your current Anti-Malware product, report them as well. In many cases, there are cases of incorrect detection (technically false-positive detection) and when you submit those samples, please explain that those been detected by which scanner.

 

4)      Your Anti-Malware manufacturer is your friend. One of the biggest mistake of many users is when they face undetected malware, they just switch to other operating system or other Anti-Malware products. Instead of doing that, get help of your Anti-Malware company support and ask them about best practices and how to handle unknown threats.

 

Battle against malwares requires working together with international communities and users and security vendors should work as one team to combat against malwares.

Advertisements

Comments are closed.

%d bloggers like this: