Results 1 to 10 of 21

Thread: How can One rely on single antivirus?

  1. #1
    Banned

    How can One rely on single antivirus?

    I downloaded a cracked program today (just to check how its full version works) and it was detected by Avira on my PC as malware. I downloaded the same crack on two other PCs, where F-Secure and Kaspersky did not detect it as a threat, and neither did Malwarebytes.
    After that I installed a few more cracks, and sometimes one is detected by one AV while others do not detect it.
    I uploaded that one to VirusTotal, where I found it was detected by 19 AVs out of 43.
    So my question is: how can one rely on a single AV?
    I feel protected with Kaspersky on my laptop, but it still missed the sample.
    Does that mean the crack is not a threat and it is an FP which is blocked by other AVs, or vice versa?

    P.S. I am not talking about or promoting cracks, but I want to know about the reliability of AV. If the mods think it's not in line with the rules, please delete or lock it.

  2. #2
    sm1
    Did you execute them? Kaspersky proactive defense and application control may block them.

    ---------- Post added at 08:39 PM ---------- Previous post was at 08:36 PM ----------

    It is not advisable to test suspected malware if you don't know what you are doing. Unless you have a spare system and sufficient protection like virtualization, it is dangerous, as malware nowadays directly attacks hardware like the BIOS when admin access is granted.

  3. #3
    Administrator
    The truth is....

    Original cracks that are untouched and unmodified are 100% safe.
    Well-known cracking groups have a reputation to protect and they don't embed malware into the cracks that they release, or else the release would get "nuked".

    Cracks are popular, hence naughty people like to embed malware into popular cracks so that they get more victims. It's an easy target.

    Some antivirus products such as Bitdefender are very sensitive to cracks, yet some are not so sensitive. Again, this is a personal preference.

  4. #4
    Banned
    Originally posted by sm1:
    Did you execute them? Kaspersky proactive defense and application control may block them.

    ---------- Post added at 08:39 PM ---------- Previous post was at 08:36 PM ----------

    It is not advisable to test suspected malware if you don't know what you are doing. Unless you have a spare system and sufficient protection like virtualization, it is dangerous, as malware nowadays directly attacks hardware like the BIOS when admin access is granted.
    You are right; I used it in Sandboxie or Wondershare Time Freeze, as it does not attack the HD.
    I executed it, but it was not detected or blocked by KIS 2012.

    Originally posted by Raymond:
    The truth is....

    Original cracks that are untouched and unmodified are 100% safe.
    Well-known cracking groups have a reputation to protect and they don't embed malware into the cracks that they release, or else the release would get "nuked".

    Cracks are popular, hence naughty people like to embed malware into popular cracks so that they get more victims. It's an easy target.

    Some antivirus products such as Bitdefender are very sensitive to cracks, yet some are not so sensitive. Again, this is a personal preference.
    My point is: how can one know whether the application or file is harmful or not, as it is detected by some AVs as malware/virus and some big names like F-Secure and Kaspersky don't detect or block it? That means it is an FP which is reported to AVs like Avira, and they block the file or application which is not a danger as stated by them.

  5. #5
    Moderator
    Avoiding talking about warez (which are unethical and in many countries illegal): any sample of malware may be detected or not detected by an antivirus; it depends on several aspects (e.g. the way you customized your antivirus software, or whether your antivirus has been updated to the latest database, and so on).
    False positive detections may occur too and are on the agenda nowadays.

    My advice is to use a "second opinion scanner" such as Malwarebytes' Anti-Malware, HitmanPro or SUPERAntiSpyware; and even though those programs have been developed not to conflict with any security software, you can always put them into the "Exclusion list" of your resident antivirus of choice.
    (e.g. Malwarebytes' never claimed to be or to replace a full antivirus: you will find some detailed instructions here).

    You may also upload most suspicious files to VirusTotal or Jotti Malware Scan, then to ThreatExpert.


    The so-called "common sense" is to avoid shady sites and also to avoid downloading questionable or illegal software.
    A site itself might be infected (e.g. malicious JavaScript, hidden iframe injection attacks, drive-by downloads).

    A few people do not run any antivirus or antimalware and they often believe they have never been infected, but they cannot prove it until they run a scan with one or more antivirus tools or a full antivirus program, not to mention that not running an antivirus is certainly not advisable.

    My point is: how can one know whether the application or file is harmful or not, as it is detected by some AVs as malware/virus and some big names like F-Secure and Kaspersky don't detect or block it? That means it is an FP which is reported to AVs like Avira, and they block the file or application which is not a danger as stated by them.
    Some applications are detected as PUP, hacking tools or jokes, and not necessarily as trojans, viruses, adware and so on.
    If the application is legit you should be able to find its checksum and its digital signature, and an acceptable EULA is also displayed (you may analyze any EULA with this software).

    I hope I answered your essential questions.
    Last edited by leofelix; 10-25-2011 at 07:01 AM. Reason: added informations
    Roger and out

  6. #6
    Administrator
    Originally posted by Stranger:
    My point is: how can one know whether the application or file is harmful or not, as it is detected by some AVs as malware/virus and some big names like F-Secure and Kaspersky don't detect or block it? That means it is an FP which is reported to AVs like Avira, and they block the file or application which is not a danger as stated by them.
    All antivirus products use different methods/techniques for detection. Some have higher detection and vice versa.
    Anyway, X-Ray will solve this problem. The auto-update bug has been solved; hopefully it will be ready in a week's time.

  7. #7
    Guest
    How can One rely on single antivirus?
    Users must not always rely too much on their AV software. The detection accuracy of files will always be imperfect, no matter how advanced the detection algorithm is. A simple file reputation system is now deeply embedded in most AVs these days; though it may offer some confidence, the user still has to know that he should be responsible in his computing routines. Generally speaking, if you know how to get rid of what should not be there, then you are probably out of harm's way.
    "Stars and the Sun"


  8. #8
    Administrator
    IMHO, reputation systems only solve amateurs' problems by giving them confidence in software that can be trusted. Generally, legitimate software that is downloaded directly from the official website is trustworthy.
    A single byte change in trusted software renders it suspicious/untrustworthy.

  9. #9
    Neo
    As far as trust is concerned, forget about one AV; even a combination of products may not be foolproof.

    Ray correctly pointed out that all cracks are NOT malware, but people infect them with binders and backdoors to take advantage.

    Best is to use common sense, next AV, and next other techniques like Sandboxie, on-demand scanners etc.

    But that too may not be foolproof (and to me that's the fun part)
    Love me , Hate me but you just can't Ignore me

  10. #10
    Senior Techie
    I know someone who only uses MSE.
    He tells me he backs everything up with Acronis True Image so that if he ever gets any problems he just uses the backup.

    I must admit I have never used Acronis before, but I have thought what a cheap and effective way to run a computer.
    Can it be that easy to safeguard your computer? I have my doubts, but he swears by it.

 

 