Antivirus software normally matches code patterns to well-known pattern database... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

LeoNatan25 on March 11, 2020 | parent | context | favorite | on: AvastSvc.exe contains a full, unsandboxed JavaScri...

Antivirus software normally matches code patterns to well-known pattern database. It does not investigate the code on the client machine. AV software houses run their own labs, where emulation is used to inspect suspected malicious code.

staticassertion on March 11, 2020 [–]

To my knowledge every single major AV packages a local emulator. We have long, long moved beyond a world where AV does basic pattern matching.

Frankly, I am far less concerned with the js interpreter than I am the rest of the codebase.

http://computervirus.uw.hu/ch11lev1sec4.html

https://www.blackhat.com/presentations/bh-europe-08/Feng-Xue...

http://joxeankoret.com/download/breaking_av_software_44con.p...

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact