How do Viruses Attack Anti-Virus Programs
Umakant Mishra

TL;DR
This paper discusses the vulnerabilities of anti-virus programs running at kernel level, emphasizing the need for secure development to prevent exploitation by specially crafted malware and improve detection effectiveness.
Contribution
It highlights the security challenges faced by anti-virus systems and proposes the importance of designing robust anti-virus engines resistant to sophisticated attacks.
Findings
Viruses can exploit anti-virus weaknesses to gain control
False positives and negatives affect anti-virus effectiveness
User carelessness increases infection risk
Abstract
Because anti-virus programs run at a trusted kernel level, any loophole in the anti-virus program can enable attackers to take full control of the computer system and steal data or do serious damage. Hence anti-virus engines must be developed with proper security in mind. The anti-virus should be able to handle any type of specially created executable files, compression packages or documents that are intentionally created to exploit anti-virus weaknesses. Viruses are present in almost every system even though anti-virus programs are installed. This is because every anti-virus, however good it may be, produces some false positives and false negatives. Our faith in the anti-virus system often makes us more careless about hygienic habits, which increases the possibility of infection. It is necessary for an anti-virus to detect and destroy the malware before its own files are detected and…
Taxonomy
Topics: Advanced Malware Detection Techniques · Network Security and Intrusion Detection
