Unfortunately the problem isn't as simple as that: Definition-based antivirus programs look for specific characteristics (think mug shots of the wanted criminals), and virus creators go out of their way to make sure their latest virus version doesn't look like that.
Without going into boring technical details, there are programming methods to make code look like it doesn't do what it actually does, or at least prevent understanding what it does.
Virus creators use the aforementioned VirusTotal too, and they don't release their newest version before no AV sees anything to complain about. As soon as their product (viruses are commercial products now...) starts getting detected (couple days or weeks), they stir the code around and release a new, undetectable version. And so on.
There are also behavior-based antivirus solutions (usually all major AV solutions do a mix of both), but the behavior-based detection is very difficult to get right, because some programs are supposed to do things you wouldn't want a virus to do (delete files, connect to Internet, etc.).
For this reason they require some in-depth knowledge to be used to their full potential, but on the other hand they don't depend on definitions, and will detect suspicious behavior no matter how well the code was obfuscated.
Instead of checking if somebody is on their "wanted" list, they will simply arrest anybody caught doing bad things...
(Being overly pedagogic and verbose because most people here aren't IT-savvy)
My point is, as I said above, that while AV is definitely not a silver bullet, it is definitely better than not having one. I know far too many (non-IT) people who called me at strange hours because their AV gave an alert. Only 1% of those were false alerts...
True, the only moment they can scan a program on recent Androids is while you're downloading and installing it. After that it's out of bounds.
But as I said, better a bad detection than none. It helps for instance against droppers, i.e. apparently innocent (and clean) programs which some time later (days, weeks) silently download and install the actual malware.
True, many exploits are not permanent, they only reside in memory (no file on disk).
Unfortunately, while servers are almost never rebooted and there is no need to achieve persistence there, computers and phones are much more often restarted. So for those, once they have managed to gain a foothold, miscreants will immediately try to install a rootkit (virus starting before the OS and thus undetectable and indestructible).
That being said, at a time I had reasons to be a little more paranoid, I rebooted my phone every evening indeed.
That is true! But there is no easy one-click solution to human stupidity...
That being said, installing a keylogger which will steal your banking passwords (and most importantly, your cryptocurrency wallet!) is still a very popular "get-rich-quick" scheme.
Viruses aren't just your grandfather's threat yet...