Everything written so far is only too true. Back in the day, the antivirus programs actually checked the file for viruses.
Today, they do not! They will check the header, and if the file is packed with anything but the UPX packer, it will more often than not be flagged as suspicious, and sometimes even a specific virus or trojan is reported. Today it is enough that a file contains links to a site with unpackers for it to be reported (ref: EXEInfoPE by A.S.L).
Further manual inspection reveals, however, that there is no internet activity at all going on. Applying the suspicious program to a test system reveals that the only thing dropped is one or two files in the temp directory, which may be a .mod and a .dll to play it.
In this respect, the sheer number of false positives may actually help spread viruses. I base this on the following.
A 14-year-old reads about a new game and asks his parents to buy it. He gets the reply that he can have it for Christmas. Now that is a lifetime away for a 14-year-old, even though it may be two months.
The next day he gets a link from one of his schoolmates and downloads a cracked version. His antivirus pops up a warning about riskware, and cautiously he writes in the forum of the site that there is a virus in the release. Sure enough, he gets loads of replies that this is a false positive that he can safely ignore. He applies the crack and plays happily. This goes on for a few games, but after one or two months he reckons himself a seasoned user of cracked games and so does not bother to check the forum - boom, infected.
The kid does not know that yet, and the next day he passes the link to another schoolmate, who calls him up about the report from the antivirus. Without any background check he tells him that he can safely ignore the warning…
As they work today, no one NEEDS an antivirus installed, but it will require a computer-savvy person to make it work.
Here’s a way to obtain even better security, but you’ll need to reset the settings back to normal whenever you need to install updates or new programs.
The trick is to use the security settings already found in Windows:
Set the registry permission on the Run/RunOnce keys to read only for everyone (not just the Everyone account).
You can do this for the Drivers/Services key, but it will require a restart. [This isn’t advisable, since some programs require you to install drivers; still, it’s great protection for existing services, and to prevent malware.]
For the Windows NT key (winlogon/userinit), only allow the System account access to read and write, and set your username and other accounts to read only.
The above is written in an unclear way, without step-by-step instructions or the exact path to the keys mentioned. This is done deliberately!
Well, tweaking these settings without proper knowledge can leave you with no other option than a full reinstall of the operating system.
In other words, if you:
- Don’t know the above keys’ location in the registry.
- Don’t have a firm understanding of the Windows registry as a whole and its function in the Windows environment.
- Don’t understand how to take ownership of files/folders/registry keys.
- Don’t know files/folders/registry keys/security settings generally.
***** DON’T ATTEMPT THIS! *****
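The Run/RunOnce lock-down described in the post above, as an added worked example. This is the editor's script, not the poster's; the poster deliberately gives no paths or steps, so the key paths below are the standard Windows autorun locations, and the backup folder, function names and the choice to leave SYSTEM untouched are this example's own assumptions. It saves each key's current security descriptor before changing anything, so the permissions can be put back before installing updates, which is the part the poster says you must not skip. Run it from an elevated PowerShell session; the same two functions can be pointed at the Services or Winlogon keys by editing `$RunKeys`, with the poster's caveats (a restart for Services, and the risk of locking yourself out) applying in full.

```powershell
# Added example (editor's own, not from the original post). Makes the per-user and
# machine-wide Run/RunOnce keys read-only for every principal except SYSTEM, after
# saving each key's security descriptor so Restore-RunKeys can undo the change.
# Assumptions: elevated session; $BackupDir can be any folder normal users cannot write.

$RunKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
$BackupDir = Join-Path $env:ProgramData 'RunKeyAclBackup'   # assumption: example path

function Get-BackupFile([string]$Key) {
    # One SDDL file per key, e.g. HKLM__SOFTWARE_Microsoft_..._Run.sddl
    Join-Path $BackupDir (($Key -replace '[:\\]', '_') + '.sddl')
}

function Protect-RunKeys {
    New-Item -ItemType Directory -Force -Path $BackupDir | Out-Null
    foreach ($key in $RunKeys) {
        $acl = Get-Acl -Path $key

        # 1. Save the full original descriptor as SDDL for Restore-RunKeys.
        $acl.GetSecurityDescriptorSddlForm('All') | Set-Content -Path (Get-BackupFile $key)

        # 2. Break inheritance but keep copies of the inherited ACEs, so the key carries
        #    an explicit DACL we can edit without the parent key overriding it.
        $acl.SetAccessRuleProtection($true, $true)
        Set-Acl -Path $key -AclObject $acl
        $acl = Get-Acl -Path $key

        # 3. Downgrade every Allow ACE except SYSTEM's to ReadKey. Deny ACEs are left as-is.
        foreach ($rule in @($acl.Access)) {
            if ($rule.AccessControlType -ne 'Allow') { continue }
            if ($rule.IdentityReference.Value -eq 'NT AUTHORITY\SYSTEM') { continue }
            $null = $acl.RemoveAccessRule($rule)
            $readOnly = [System.Security.AccessControl.RegistryAccessRule]::new(
                $rule.IdentityReference,
                [System.Security.AccessControl.RegistryRights]::ReadKey,
                $rule.InheritanceFlags,
                $rule.PropagationFlags,
                [System.Security.AccessControl.AccessControlType]::Allow)
            $acl.AddAccessRule($readOnly)
        }
        Set-Acl -Path $key -AclObject $acl
    }
}

function Restore-RunKeys {
    # Re-applies only the saved DACL (including its inheritance flag), not the owner,
    # so it does not need SeRestorePrivilege. Must run as the key owner or an account
    # that still holds WRITE_DAC; the owner always keeps that right implicitly.
    foreach ($key in $RunKeys) {
        $file = Get-BackupFile $key
        if (-not (Test-Path $file)) { Write-Warning "No backup for $key"; continue }
        $sec = [System.Security.AccessControl.RegistrySecurity]::new()
        $sec.SetSecurityDescriptorSddlForm((Get-Content -Raw $file).Trim(), 'Access')
        Set-Acl -Path $key -AclObject $sec
    }
}

function Test-RunKeyLocked([string]$Key) {
    # True when no principal other than SYSTEM holds an Allow ACE with rights beyond ReadKey.
    $readKey = [int][System.Security.AccessControl.RegistryRights]::ReadKey
    $writers = (Get-Acl -Path $Key).Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        $_.IdentityReference.Value -ne 'NT AUTHORITY\SYSTEM' -and
        (([int]$_.RegistryRights -band -bnot $readKey) -ne 0)
    }
    return -not $writers
}

# Usage: Protect-RunKeys; $RunKeys | ForEach-Object { "$_ : $(Test-RunKeyLocked $_)" }
#        ...install updates...: Restore-RunKeys; Protect-RunKeys
```

Two points worth knowing before running it. For a standard (non-admin) user the HKLM keys are already read-only, so the change that actually matters for user-level malware is on the HKCU keys, which the user's own processes can normally write to. And because Administrators is also reduced to read-only, an elevated installer that expects to add a Run entry will fail until Restore-RunKeys has been run, which is exactly the poster's reset-before-installing warning.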