How they trick the antivirus to delete files
This is a discovery made by Or Yair. It is a method that allows you to trick the antivirus into deleting files that actually belong to the system Windows. Basically the discovery is that they can manipulate the detection and response of antivirus and act in an undesired way.
This bug can be exploited through user accounts no need to have administrator privileges. With that alone they could delete files from the system. This exploit could be used to delete files that are really important and cause the computer to not start or lose certain essential functions.
A malware of this type will have the clear objective of acting as a file shredder and causing damage to the computer. It must be taken into account that an antivirus is a very useful tool to eliminate threats, but it can backfire if an attacker manages to exploit a vulnerability and make it delete files that are necessary.
what he did for test your theory was to create a malicious file in a temporary directory that redirected to an important system file just at the moment when the antivirus detected the threat and removed it. To avoid the problem of the antivirus removing it immediately, what he did was keep the file open. In this way, security programs re-requested access to remove it.
So what you basically needed was to create a malicious file on the system with a special path, keep it open so the antivirus can’t delete it, delete the directory, and create a link to point from the deleted directory to another.
Several vulnerable antiviruses
In total Or Yair tested 11 major antiviruses. 6 of them were vulnerable to this bug and here we can name some like Windows Defender or Avast. However, all these antiviruses have already released updates to correct the problem so that this cannot happen anymore and protect the systems correctly.
So our advice is to make sure you have the latest version of anti virus. It doesn’t matter which one you have installed, as there can always be vulnerabilities that cause security to not be as good as it should be. Install any new version that there is and you must apply the same in any program or system that you use.
Now, you should know that security is not just having an antivirus. That is, even if you have the best installed, you could still be the victim of different attacks on the Internet. For example, they sneak a false link that is actually Phishing and steal your passwords. That is where common sense and knowledge come into play. recognize fake links.
In short, as you can see, they have detected a new trick that could eliminate important files from the system. It is essential that you use an antivirus, but it is also essential that it is updated to the latest version and thus avoid problems.