3 Replies Latest reply on Feb 10, 2012 3:13 AM by Peacekeeper

    Rogue anti-viruses

      I'm a young computer programmer looking into computer security and I wanted to ask a few questions.

1. Over the past 3 months, I've been hit with 3 various rogue anti-viruses, 1 of which I successfully removed, 1 I had to go to experts, and 1 more I'm in the process of deleting right now. I've noticed a few particular things that I find interesting about them. One thing is that every time there is a rogue anti-virus attack, I go to the processes list in the Windows Task Manager and find several processes with mirror copies of each other running side by side. My question is, how come anti-virus software can't pick this up?

2. When I looked through the processes list during one of the rogues, I noticed an interesting process with a description written exclusively in Russian. That is the only process I've ever seen on any of my 3 computers with a description written in Russian. After terminating the process tree, the rogue temporarily stopped its attack long enough for me to access the internet and various other applications. If I alone was able to do this, why can't an anti-virus application figure it out as well?

3. Rogues, trojans, worms and viruses are known to use the dirtiest tricks possible to achieve their result. Why can't an anti-virus be designed to do the same? I've heard of rogues that are able to shut down the system's native anti-virus and embed themselves as deep sometimes as the BIOS system. Why can't an anti-virus be designed to do so itself? So that even if the anti-virus is disabled by a rogue, it can restart itself on a dime.

4. Anti-virus companies overblow their claims way too much. They claim that they can cure anything and everything. "Make your computer run faster than ever." And lately I've been finding rogues and anti-viruses ever harder to tell apart. I've had an instance where an anti-virus actually acted as if it was a rogue. I panicked and deleted it, only to look it up months later on various sites and find out that it's a legitimate anti-virus. I have to truthfully admit that I've found open source, non-profit sites and applications to work better and do the jobs that I pay professional anti-virus companies to do much better. In short, why can't these companies just go back to the basics of solving problems instead of earning money?


      Thanks for taking the time to read all this.
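The two things noticed in questions 1 and 2 (several identical images running side by side, and a process whose file description is in Russian) can be checked with a short triage script. This is an added example, not code from the thread or from McAfee; it assumes Windows PowerShell 5.1 or later, where Get-Process exposes a Description property and Get-AuthenticodeSignature is available, and an elevated prompt so that every process path is readable.

```powershell
# Added triage script (not from the thread). For every running executable
# it reports how many copies are running, the binary's FileDescription,
# whether that description contains Cyrillic text, and the Authenticode
# signature status of the file on disk.
# Caveat: duplicates and foreign-language descriptions are hints only.
# svchost.exe, browsers and many services legitimately run several copies,
# so read those columns together with the Signature column before acting.

$report = Get-Process |
    Where-Object { $_.Path } |          # skip processes whose path we cannot read
    Group-Object -Property Path |       # one row per distinct binary on disk
    ForEach-Object {
        $p = $_.Group[0]
        # Description is PowerShell's view of the binary's FileDescription resource.
        $desc = $p.Description

        # Signature check can fail on protected or vanished files; record that.
        $sig = 'Unknown'
        try { $sig = (Get-AuthenticodeSignature -FilePath $p.Path).Status } catch { }

        [pscustomobject]@{
            Name        = $p.Name
            Copies      = $_.Count
            Path        = $p.Path
            Description = $desc
            HasCyrillic = [bool]($desc -match '\p{IsCyrillic}')   # .NET Unicode block
            Signature   = $sig
        }
    }

# Most interesting rows first: unsigned or Cyrillic-described binaries,
# then by number of copies running side by side.
$report |
    Sort-Object -Property @{ Expression = { $_.HasCyrillic -or $_.Signature -ne 'Valid' }; Descending = $true },
                          @{ Expression = 'Copies'; Descending = $true } |
    Format-Table Name, Copies, HasCyrillic, Signature, Path -AutoSize
```

A row with many copies of one name but different paths (for example a second "svchost.exe" outside System32) is worth a closer look than many copies of one signed path.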

        • 1. Re: Rogue anti-viruses
          exbrit

None of the major antivirus solutions can deal with many of these fake alert types of malware. Hence the special tools available on the web and indeed from McAfee themselves. See this document I put together a while back which lists some: https://community.mcafee.com/docs/DOC-2168


          The main reason is that the heuristic detection engine would have to be cranked up so high that people would be finding much of their legitimate stuff getting disabled in the process or severely restricted.


          There usually is always a free way of getting rid of these things.


As for the economics of this and how big companies such as McAfee think in that regard, it is not for me to comment on, but I doubt things will change much in the near future. They all are much the same in what they offer and how they deal with problems.

          • 2. Re: Rogue anti-viruses

If you say Rogue Anti-Virus, what does it mean actually and how does it differ from normal AV?

            • 3. Re: Rogue anti-viruses
              Peacekeeper

It means it pretends to be an antivirus program, detecting heaps and saying you need to buy it to fix the detections. As well as not fixing the false detections, it can also load malware onto your PC.

Full description:

http://en.wikipedia.org/wiki/Rogue_security_software