Reply to post: If it's too hard, why bother?

No big deal. You can defeat Kaspersky's ATM antivirus with a really fat executable

hellwig

If it's too hard, why bother?

When this time interval runs out, the program is started anyway.

Sounds like someone made a trade-off between user experience and security. Who let the sales people into the meeting on security?

This is a one-shot attack because the hashing process is not halted, and the system caches signatures. Therefore, the next time that executable is started, Kaspersky's software will be able to immediately realize the file is bad and stop it.

So, the last thing your application should do is rename and reinstall itself?

I'm less worried about Kaspersky's ties to the Russian government and more about their QA and verification procedures.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon