It happens that RayLopez99 formulated :
> On Friday, November 27, 2015 at 9:37:12 AM UTC+8, FromTheRafters wrote:
>
>
> I thank you for the "repo" link; it suggested a lot.
>
> I also code for fun (I do demos of stuff that I want built, then generally
> hand it over to professional programmers; C# is my language), and I'm amazed
> at how much faster an optimized program is over a non-optimized program
> (10-100x, and I do try and optimize code).
>
> So my next question is: how do AV scanners scan so fast? Do they have a
> special "emulator sandbox" that will try and 'run' a suspected piece of
> malware? I doubt it, since if so, the virus writer will defeat such emulator
> by simply introducing delay into their malware, such as by having the malware
> 'wait' 5 seconds before doing anything; this will defeat an emulator sandbox
> since time is of the essence and time = money, so no time can be wasted by AV
> companies.
Essentially, yes. Add to that the armoring of a virus or other malware
which is not so much to evade automatic detection by AV software, but
to make the malware reverse engineering task more difficult. It makes
their 'zero-day' last longer.
If you're not tired of reading yet:
http://www.symantec.com/connect/articles/who-goes-there-introduction-access-virus-scanning-part-two
--- NewsGate v1.0 gamma 2
* Origin: News Gate @ Net396 -Huntsville, AL - USA (1:396/4)