Quote:
Originally Posted by FawFul
Just out of interest, would that mean that an antivirus eventually stops detecting it because some magic download number has been reached?
Not directly. I think Google Chrome takes download count directly into account and warns you if an executable file is rarely downloaded, but Chrome is a web browser. An actual antivirus would probably have to go further than that. I know Avast has the thing where if it suspects a file is dangerous, it suggests that you send it for further analysis. Who knows what that means; probably still heuristics but ones that take so long to run that people wouldn't want to do it on their own personal computers, so they have servers do it.
Theoretically, a large number of downloads (by unique people all running the same antivirus software) could lead to the software coming to the conclusion that "OK, a lot of people are running this file instead of just 5, maybe we should actually perform deeper analysis on it," which could effectively mean that a magic threshold has been reached and now the file is suddenly no longer considered malware, but internally it would be because it has qualified for further analysis which found it safe. This makes sense in theory - if the more accurate analysis is more computationally expensive and performed on company servers, the company may want to avoid using it for every report, and the number of users it affects is a decent metric for estimating how urgent that is. Does any antivirus software actually employ this strategy? I have no clue. They're black boxes as far as I know.
__________________
I am an official JJ2+ programmer and this has been an official JJ2+ statement.