mattxd00 (Members, 6 posts)

Everything posted by mattxd00

  1. What would you recommend instead of Avast! then? I just need real-time protection instead of a whole AV. I pay for the subscription and get extras like a firewall and all that which I don't need. They market it as if I'm going to get hacked; nobody is going to hack a random person they don't know anything about. If I turn off my firewall it's not like my money from my bank account is going to disappear in an instant. I just want some sort of AV that offers real-time protection without the heavy load of extra stuff I will never use, like for example the SecureLine VPN, anti-spam, sandbox, home network security. None of this affects me; I'm wasting money on stuff I don't use and it's pissing me off, especially when my system runs slower because of it. I'm considering purchasing Malwarebytes Premium for the real-time protection because it has saved me a lot in terms of online websites. It's good at blocking random ads that pop up on some websites, and files too, without a heavy load. Are there any other similar ones? Free ones? Possibly paid? Only real-time protection. No scanners, firewalls, VPNs, anti-spam. Just simple real-time protection, web- and file-based.
  2. Someone who works in the computer industry as a programmer recently told me that antiviruses aren't really needed and he thought they were a waste of space for users who know what they're doing. He added that all they do is take processing power and that if a virus is going to infect you it will do so without the AV doing anything. I just want to raise this point because I am considering removing my Avast subscription and whether it actually would be OK to do so. Before launching any suspicious files I test them in various online/local sandboxes to ensure they do not infect my system, since I bank on it as well as game. I know what I am doing and have spotted infected files before, such as ransomware and RATs, which prevented me having an infection, etc. And sure, online sandboxes are not reliable due to detection; however, this is the same for an antivirus. Real-time protection is meant to prevent the execution of malicious files based on their signature. Now, if a black hat is to write a good trojan, that trojan is 100% going to be encrypted, meaning it will fly through the detection and launch. It might be scanned by others and thus distributed to the companies for signature analysis, which would note the signature and add it to the database, but that would be after a certain amount of time. For me personally, I never use my AV. I analyse files myself using tools so I know not to launch the file if I find anything malicious. Should I remove Avast! or not? Keep in mind I have like 8 types of protection services such as firewall, web shield, file shield, so it takes up A LOT of CPU power which could be used to speed up my system.
  3. Thanks, I've heard of reverse engineering; however, there were not many useful resources I could find online to help me learn it. From what I know, reverse engineering is taking, for example, a crypted stub that is encrypted and houses the payload, decrypting it and then having a look at its source code to see what it actually does and, for example, manipulating the payload so you somehow maybe pull information from the attacker. I believe cracked software is also made possible by reverse engineering. It's a topic I am interested in but I have no idea how to start or where to learn it. Sure, I have dotNetSharper or whatever it's called, but that only decompiles .NET code, not decrypts it.
  4. Thanks for the explanation. I just really have a huge interest in software development, particularly in malware; I think the methods each malware uses are interesting. I mean malware is kind of like an art in my opinion, but limited to the point you cannot do everything you might want. I understand it's bad but I don't have an interest in it to profit or whatever, just in general, like the ways worms use to spread, and we've seen many examples over the years. One that stands out (unsure if it's a worm) is the virus called Chernobyl which spread to exe files on the PC, wiped hard drives and overwrote the system BIOS, basically making the computer useless, although this is not possible anymore because of technological advancements. Another issue as well is process injection. Since I found out about this years back I've always been conspicuous when banking online, always thinking that something might be watching, waiting to steal my details without me knowing. Is there a way to detect them? I've done malware analysis and I am quite interested in it; however, I found that rather than having my own VM lab setup it's more efficient to use online sandbox scanners since they are safer, faster and give pretty much the same result, although the best setup would be a standalone PC isolated from the network where the malware would be run, then analysed using tools. I haven't had much experience with process hijacking or injection but it's pretty easy to do for script kiddies now; although I haven't seen it in RATs, in Kali Linux Metasploit features process injection and also allows users to send a payload inside a Word document or PDF. And that's what scares me, I always think my PC is infected even when it's probably not, but I have no way of detecting whether there has been a process injection or not. And since the code is inside, like, explorer.exe, which launches at boot, there would be no new startup entry for it.
I don't think I'm being unreasonable here, if you have a ton of money saved up and some stuff head buys like random stuff on PayPal to waste all of it or god forbid tries to steal it, it's a very bad situation and I never want to be a victim in it.
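The post above asks how injected code living inside an already-running process such as explorer.exe could be detected when it leaves no startup entry. The usual defensive answer is to watch for the injection event itself rather than for persistence: Sysmon Event ID 8 (CreateRemoteThread) records which process created a thread in which other process, and whether the thread's start address is backed by a loaded module. The script below is an added example and is not part of the original thread or any product named in it. It scores constructed Sysmon-style Event ID 8 records written in a simplified key=value line format (an assumption made for this example; the real events are XML in the Windows event log, but the field names SourceImage, TargetImage, StartModule and StartFunction are the ones Sysmon uses). Every path, user name and score threshold in it is constructed for illustration.

```python
"""Flag suspicious cross-process thread creation in Sysmon-style Event ID 8 records.

All sample records, paths and user names below are constructed for this example.
The key=value line format is an assumption; real Sysmon events are XML.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Processes malware commonly hides in or reads sessions from (constructed list; extend to taste).
HIGH_VALUE_TARGETS = {"explorer.exe", "browser.exe", "svchost.exe", "lsass.exe"}
# Windows components that legitimately create threads in other processes (allow-list, constructed).
KNOWN_BENIGN_SOURCES = {"csrss.exe", "services.exe"}
# Directory markers a normal system binary should not be launched from (lower-case, with separators).
USER_WRITABLE_MARKERS = ("\\users\\", "\\temp\\", "\\appdata\\", "\\programdata\\")

# Constructed sample telemetry: one benign system event, one classic "start address in no
# module" injection into explorer.exe, one in-process thread, one LoadLibrary-style DLL injection
# into a browser, and one unrelated event type.
SAMPLE_LOG = r"""
EventID=8 SourceImage=C:\Windows\System32\csrss.exe TargetImage=C:\Windows\explorer.exe StartModule=C:\Windows\System32\ntdll.dll StartFunction=RtlUserThreadStart
EventID=8 SourceImage=C:\Users\matt\Downloads\invoice.exe TargetImage=C:\Windows\explorer.exe StartModule=- StartFunction=-
EventID=8 SourceImage="C:\Program Files\Tools\debugger.exe" TargetImage="C:\Program Files\Tools\debugger.exe" StartModule=C:\Windows\System32\kernel32.dll StartFunction=LoadLibraryW
EventID=8 SourceImage=C:\Windows\Temp\update.exe TargetImage="C:\Program Files\Browser\browser.exe" StartModule=C:\Windows\System32\kernel32.dll StartFunction=LoadLibraryW
EventID=1 Image=C:\Windows\notepad.exe
"""

# key=value pairs; a quoted value may contain spaces, an unquoted one may not.
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_line(line: str) -> Dict[str, str]:
    """Parse one key=value record into a dict, stripping surrounding quotes."""
    return {key: value.strip('"') for key, value in FIELD_RE.findall(line)}


def basename(path: str) -> str:
    """Lower-cased file name of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()


@dataclass
class Finding:
    source: str
    target: str
    score: int
    reasons: List[str] = field(default_factory=list)


def score_event(ev: Dict[str, str]) -> Optional[Finding]:
    """Return a Finding for a cross-process thread creation that looks like injection, else None."""
    if ev.get("EventID") != "8":
        return None
    src, dst = ev.get("SourceImage", ""), ev.get("TargetImage", "")
    if not src or not dst or src.lower() == dst.lower():
        return None  # a process creating threads in itself is normal
    if basename(src) in KNOWN_BENIGN_SOURCES:
        return None  # allow-listed system component
    finding = Finding(src, dst, 0)
    if ev.get("StartModule", "-") == "-":
        # Thread starts in memory no loaded module backs: typical of injected shellcode.
        finding.score += 3
        finding.reasons.append("thread start address not backed by any loaded module")
    if ev.get("StartFunction", "").lower().startswith("loadlibrary"):
        # Remote thread at LoadLibrary is the classic DLL-injection pattern.
        finding.score += 2
        finding.reasons.append("remote thread starts at LoadLibrary (DLL injection pattern)")
    if basename(dst) in HIGH_VALUE_TARGETS:
        finding.score += 1
        finding.reasons.append(f"target {basename(dst)} is a high-value process")
    if any(marker in src.lower() for marker in USER_WRITABLE_MARKERS):
        finding.score += 1
        finding.reasons.append("source binary runs from a user-writable directory")
    return finding if finding.score else None


def detect(log_text: str) -> List[Finding]:
    """Score every record in the log and return findings, most suspicious first."""
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        finding = score_event(parse_line(line))
        if finding:
            findings.append(finding)
    return sorted(findings, key=lambda f: f.score, reverse=True)


if __name__ == "__main__":
    for f in detect(SAMPLE_LOG):
        print(f"[{f.score}] {f.source} -> {f.target}")
        for reason in f.reasons:
            print(f"      - {reason}")
```

On the constructed sample the invoice.exe thread into explorer.exe scores highest because its start address is backed by no module at all, which is what a shellcode or reflective-loader injection looks like; the csrss.exe event, although also cross-process into explorer.exe, is dropped by the allow-list because csrss legitimately does this. In practice the same logic is expressed as a SIEM query over the real Sysmon channel (and Event ID 10, ProcessAccess, adds the handle-open side of the same story), and the allow-list has to be tuned per environment, since debuggers, accessibility tools and some security products also create remote threads.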
  5. OK so they can use a time bomb, which I've heard of before, and reboots, but how do they do all this without the user knowing? I'm assuming since it's a time bomb it would have to have a process running counting down or simply add a task to activate it in the scheduler. I never really understood how the time bomb worked. Neither rootkits. If you were to activate a rootkit, it can't get into the boot manager without rebooting anyway, I think. But how does it then do that on restart? Maybe link me some sources if you can't explain???
  6. I understand there are tricks/exploits certain malware uses to fool the user who is running an infected application sandboxed into thinking it is safe. But how does it do that? I recently came across a file I scanned in an online sandbox which, upon execution, launched 2 RATs that installed themselves along with adware applications that bombed the sandbox with downloads to millions of ads. I know developers can 1. put out a fake warning to make it seem like the application errored and nothing malicious has launched, 2. use exploits to break out of the sandbox and infect the PC (rarely seen this myself). Knowing that, is there any way for them to detect an online sandbox? It seems to me that the online sandbox is fool-proof because it just works so perfectly, and every time Sandboxie launched no malware, the online sandbox would show me that it actually did launch something else, along with saying that it tried to detect the sandbox using a certain method. In conclusion, what methods does malware use to detect VMs/sandboxes (VMs is kind of easy to figure out) and is there a way for the developers to fool online sandboxes? I'm talking about professional malware developers, not script kiddies with RATs.