All You Always Wanted to Know About Antiviruses

Hack In The Box Security Conference via YouTube

Overview

Explore the inner workings of antivirus software in this comprehensive conference talk from the Hack In The Box Security Conference. Delve into the research findings on antivirus internals, demystifying their operation and examining the impact of design decisions on user and company security. Analyze multiple commercial antivirus products across Windows, Linux, and Android platforms, uncovering new attack vectors and defensive strategies. Distinguish between antivirus engines and products, examining their structure and component usage in various detection steps. Learn about static and dynamic detection methods, monitoring level configurations, and hidden backend features. Investigate the use of whitelists, blacklists, and signatures in antivirus software, including an algorithm for identifying signature-based detections. Discuss the trade-offs involved in implementing different detection techniques and real-time monitoring. Discover how antiviruses handle network monitoring, including proxy setup, man-in-the-middle scanning, and SSL certificate manipulation. Examine update frequencies and gain insights into the often-overlooked aspects of antivirus operation that impact user security.

Syllabus

#HITB2023AMS #COMMSEC D1 - All You Always Wanted To Know About AntiViruses - Marcus Botacin

Taught by

Hack In The Box Security Conference
