• atzanteol
    link
    fedilink
    English
    arrow-up
    4
    arrow-down
    1
    ·
    7 months ago

    Why? It’s not hard. They typically hash files and look for hits against a database of known vulnerabilities.

    • boredsquirrel@slrpnk.net
      link
      fedilink
      arrow-up
      7
      ·
      7 months ago

      Yes and if viruses use something like base64 encoding or other methods, the hashes dont match anymore.

      As far as I understood it, it is pretty easy to make your virus permanently un-hashable by just always changing some bits

      • atzanteol
        link
        fedilink
        English
        arrow-up
        2
        ·
        7 months ago

        The xz backdoor was a packaged file distributed with the standard packages though. It would be trivial to find.

        • boredsquirrel@slrpnk.net
          link
          fedilink
          arrow-up
          1
          ·
          7 months ago

          This is obviously not about this known file.

          It is about “would this scanner detect a system package from the official repos opening an ssh connection”

          • atzanteol
            link
            fedilink
            English
            arrow-up
            1
            ·
            7 months ago

            Sorry, I was responding to:

            I HIGHLY doubt that they would detect the XZ backdoor

    • Possibly linux@lemmy.zip
      link
      fedilink
      English
      arrow-up
      2
      ·
      edit-2
      7 months ago

      That doesn’t work against polymorphic malware

      I think the best way is to monitor calls and behavior. Doing that is a privacy nightmare