December 8th, 2002, 01:49 PM
Could this be possible???
The thing is that i have a backdoor (not created by me) and being a new version of this backdoor i got it to test it from a Windows XP to a Windows ME PC. And know what?... when i was sending the server through the LAN to the WinME PC, Norton automatically scanned the file and found the virus as backdoor (.......), OK. But this only with the last version of this backdoor. I mean that i can still use an older version of this backdoor and it doesn't matter if i send or manually scan the server or the client, Norton doesn't realize that is a virus. Besides, once the server is installed there's no easy way to erase it because Norton finds no viruses when doing a whole scan to the "infected" computer.
My question is, could this be an "enormous" mistake of Norton? How could it be possible that Norton finds the lastest version of this backdoor as a virus but not an older version of the same backdoor?
December 8th, 2002, 02:19 PM
Like any virus scanner, it only detects mal-ware it has a signature for. It may be that they (Norton) have not got a signature for other versions of the application.
You can easily create a "back-door" or any other malware which is completely ignored by the likes of Norton, it is all based on signatures. Also, if the source is available, recompilation with different compiler options probably changes its signature and hence evades detection.
Virus scanners are an extremely unreliable way of detecting mal-ware; even with a virus scanner, safe computing practice should always be used to minimise risk.
December 8th, 2002, 04:34 PM
Check that out first. It is the website for the book. It does include more excerpts from the book.
\"Ignorance is bliss....
but only for your enemy\"