I recently (finally) got a reply from my favourite antivirus software developer, ESET, on their Twitter page:
ESET @ESET 2h
@TOPNOTCHPClol if you haven't already, please post this issue with as much info as you can share via https://forum.eset.com - Thanks!
(I am new here, so I apologize if I did not post in the correct area.) I will basically be copying and pasting my original post from the Linus Tech Tips forum.
(Before starting a description: this is not exactly news and I am not much of a writer, but I am posting it here including my sources. This issue, as well as the IPv6 Router Advertisement flood, needs to be resolved. This won't be the easiest to read; however, anyone with some technical knowledge should be able to get the gist of what I am saying.)

Sam Bowne teaches Ethical Hacking at City College San Francisco [1]. Sam Bowne has done many talks at DEF CON, which can all be found on YouTube [2]. Most recently, Sam Bowne had his students modify and compile malware written in Python into Windows executables [3], making VirusTotal.com unable to detect it (VirusTotal does not use heuristics, as normal antivirus engines would) and making the code effective against antivirus software with behavioural analysis options disabled (which they very rarely are) [4].

After he had published his findings, a Twitter follower by the name of Bobby 'Tables [5] suggested to Sam Bowne that behavioural analysis really only watches the process for "a minute or two", suggesting that a simple delay in combination with Sam's original method could make both definitions obsolete: modify the malicious code, compile it in Python, then switch it over to a Windows executable, leaving heuristics or "behavioural analysis" as the only thing left to pick up the malicious code. To get around heuristics, Sam simply used a delay after starting the process, in essence waiting until the guards pass before doing something malicious.

The delay issue in itself actually worries me a fair bit more than a slight modification of malicious code in Python. My suggestion for antivirus manufacturers is to offer users the flexibility to set both how long heuristics will watch certain processes and maybe even the intervals at which the antivirus software re-checks processes.
Antivirus software such as ESET NOD32/Smart Security is already so lightweight and efficient that I could see myself having it watch processes for about an hour with minimal performance hit. If you are interested in watching a video of Sam Bowne demonstrating these concepts, the link has been provided in the sources, as well as a link to a video on IPv6 Router Advertisement floods.

Sources (to see the video demonstrations, please follow this link to my original post: hxxp://linustechtips.com/main/topic/199011-python-delay-makes-anti-virus-softwares-obsolete/):
1: https://twitter.com/sambowne
2: https://www.youtube....am Bowne Defcon
4: hxxp://samsclass.inf...oj14/norton.htm
5: https://twitter.com/info_dox
RA flood videos:
RA flood hitting FortiGate:
RA flood discussion:
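The watch-window problem the post describes, as an added toy model. This is not code from the original post, from ESET, or from Sam Bowne's class; the action names, the window lengths and the "sleep skipping" monitor are assumptions chosen for illustration, and the sample is a constructed event trace rather than anything executable against a real machine.

```python
"""Toy model of a behaviour monitor that only watches a new process for a
fixed window (constructed example, not ESET's or Sam Bowne's code)."""
from typing import List, Tuple, Union

# A constructed event trace: ("sleep", seconds) or ("action", name).
Event = Tuple[str, Union[float, str]]

# Actions this model's behaviour engine treats as suspicious (assumed names).
SUSPICIOUS_ACTIONS = {"modify_run_key", "write_startup_folder", "inject_remote_thread"}


def delayed_sample(delay_seconds: float, payload_actions: List[str]) -> List[Event]:
    """Build the trace of a program that behaves innocently, sleeps, then acts.

    This is the 'wait until the guards pass' pattern the post describes,
    expressed as a trace rather than as runnable malicious code.
    """
    trace: List[Event] = [("action", "read_own_config"), ("sleep", delay_seconds)]
    trace.extend(("action", name) for name in payload_actions)
    return trace


def watch(trace: List[Event], watch_window: float, skip_sleeps: bool = False) -> List[str]:
    """Replay a trace through a monitor that stops looking after watch_window seconds.

    skip_sleeps=True models a sandbox/engine that makes the process's sleep
    return immediately, so the delay never consumes watch time.
    Returns the suspicious actions the monitor actually observed.
    """
    clock = 0.0
    observed: List[str] = []
    for kind, value in trace:
        if kind == "sleep":
            clock += 0.0 if skip_sleeps else float(value)
            continue
        if clock > watch_window:
            break  # the monitor has already detached; later actions are unseen
        if value in SUSPICIOUS_ACTIONS:
            observed.append(str(value))
    return observed


def is_detected(delay_seconds: float, watch_window: float, skip_sleeps: bool = False) -> bool:
    """True if a sample that sleeps delay_seconds before acting is caught."""
    trace = delayed_sample(delay_seconds, ["modify_run_key", "inject_remote_thread"])
    return bool(watch(trace, watch_window, skip_sleeps))


if __name__ == "__main__":
    two_minutes, one_hour = 120.0, 3600.0
    for delay in (30.0, 600.0, 7200.0):
        print(f"delay={delay:>6.0f}s  "
              f"2-min window: {is_detected(delay, two_minutes)}  "
              f"1-hour window: {is_detected(delay, one_hour)}  "
              f"2-min window + sleep skipping: {is_detected(delay, two_minutes, True)}")
```

The three columns correspond to the post's scenarios: the "minute or two" window Bobby 'Tables mentioned, the hour-long window the author says he would accept, and a monitor that does not let the process's own sleep consume watch time. A longer window only moves the finish line (a two-hour delay still slips past a one-hour window); collapsing the delay is what makes the delay stop mattering, which is why sandboxes and behaviour engines fast-forward or skip sleeps, and why samples in turn compare several time sources to notice when that has happened.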