0

Why isn't Wireshark marked as malware by Antivirus?

I'm curious as to why Wireshark, with its powerful monitoring abilities, isn't detected and marked as malware by anti-viruses for having - what I would at times consider - a sketchy behavior? I imagine anti-viruses have algorithms to detect programs' behavior and ability to arbitrarily monitor the machine's traffic? Is Wireshark whitelisted? Does it use masking techniques? If not, then why isn't it needed? And what keeps malware from doing exactly what Wireshark does?

Havatra
asked 2019-10-24 21:08:39 +0000

1 Answer

1

I'm curious as to why Wireshark, with its powerful monitoring abilities, isn't detected and marked as malware by anti-viruses

"Malware" is software that does something other than what is intended.

Wireshark does what is intended - capture network traffic using the hardware and software capabilities of the machine on which it's running.

I imagine anti-viruses have algorithms to detect programs' behavior and ability to arbitrarily monitor the machine's traffic?

Many of them detect software that has already been labeled as malware, by looking for signatures.

And what keeps malware from doing exactly what Wireshark does?

Nothing other than, perhaps, a requirement for special privileges in order to capture traffic, which might cause an alert to pop up requesting those privileges. If Wireshark asks for them, a user might grant that, given that's why they installed Wireshark; if some game program they installed asks for them, they might say "wait a minute, why does this game need special privileges?" and deny them.

Or they might just say "hey, I want to see the dancing pigs!" and grant the privileges anyway.

Guy Harris
answered 2019-10-25 03:08:51 +0000
cmaynard
updated 2019-10-25 03:29:37 +0000
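
The privilege requirement mentioned in the answer above can be audited by a defender. The following is an added example, not part of the original answer; it assumes a Linux host where capture rights are granted through file capabilities (`cap_net_raw`, `cap_net_admin`) and listed with `getcap -r`. The sample output, the allowlist, and the function names are constructed for illustration.

```python
import re

# Constructed sample of `getcap -r /usr` output (not from a real host).
# Both the newer "path caps=flags" and older "path = caps+flags" layouts appear.
SAMPLE_GETCAP = """\
/usr/bin/dumpcap cap_net_admin,cap_net_raw=eip
/usr/bin/ping cap_net_raw=ep
/usr/games/dancing-pigs cap_net_raw=eip
/usr/bin/newuidmap cap_setuid=ep
/usr/sbin/tcpdump = cap_net_admin,cap_net_raw+eip
"""

# Capabilities that allow raw sockets / interface changes, i.e. packet capture.
CAPTURE_CAPS = {"cap_net_raw", "cap_net_admin"}

# Hypothetical allowlist: binaries the administrator expects to capture traffic.
EXPECTED = {"/usr/bin/dumpcap", "/usr/bin/ping", "/usr/sbin/tcpdump"}

LINE_RE = re.compile(r"^(?P<path>/.*?)\s+(?:=\s+)?(?P<spec>cap_\S.*)$")


def capture_capable(getcap_output):
    """Return {path: sorted capture-related capabilities} for listed binaries."""
    found = {}
    for line in getcap_output.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # blank line or unrecognised layout
        caps = set(re.findall(r"cap_[a-z_]+", m.group("spec"))) & CAPTURE_CAPS
        if caps:
            found[m.group("path")] = sorted(caps)
    return found


def unexpected(getcap_output, allowlist=EXPECTED):
    """Binaries holding capture capabilities that are not on the allowlist."""
    return {p: c for p, c in capture_capable(getcap_output).items()
            if p not in allowlist}


if __name__ == "__main__":
    for path, caps in unexpected(SAMPLE_GETCAP).items():
        print(f"review: {path} holds {','.join(caps)}")
```

File capabilities are only one way to obtain capture rights; processes running as root and setuid binaries need a separate review.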