Revision history

initial version

I'm curious as to why Wireshark, with its powerful monitoring abilities, isn't detected and marked as malware by anti-viruses

"Malware" is software that does something other than what it is intended to do.

Wireshark does what it is intended to do: capture network traffic using the hardware and software capabilities of the machine on which it's running.

I imagine anti-viruses have algorithms to detect programs' behavior and ability to arbitrarily monitor the machine's traffic?

Many of them detect software that has already been labeled as malware, by looking for signatures.

And what keeps malware from doing exactly what Wireshark does?

Nothing other than, perhaps, a requirement for special privileges in order to capture traffic, which might cause an alert to pop up requesting those privileges. If Wireshark asks for them, a user might grant that, given that's why they installed Wireshark; if some game program they installed asks for them, they might say "wait a minute, why does this game need special privileges?" and deny them.

Or they might just say "hey, I want to see the dancing pigs!" and grant the privileges anyway.
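The answer's point is that a signature-based scanner flags only what has already been labeled, so a tool that does exactly what it advertises and has no signature is not flagged. The following is an added example, not part of the original post or the Wireshark project, showing that logic in miniature: a full-file hash signature and a byte-pattern signature are checked against three constructed inputs (a stand-in for a benign capture tool, the public EICAR anti-virus test string used as the "already labeled" sample, and a one-byte variant of it). The signature names and all sample data are constructed for the example.

```python
"""Signature-based scanning in miniature (added example, not from the post).
A file is flagged only if it matches something already labelled as malicious;
the benign stand-in for a capture tool matches nothing and is reported clean."""
import hashlib
import re

# The public EICAR anti-virus test string (harmless by design), built from
# pieces so this source file is not itself a byte-for-byte EICAR file.
EICAR = (b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$"
         + b"EICAR-STANDARD-"
         + b"ANTIVIRUS-TEST-FILE!$H+H*")


def sha256_hex(data: bytes) -> str:
    """Full-file hash, the simplest kind of signature."""
    return hashlib.sha256(data).hexdigest()


# Constructed signature database. A hash signature catches exact copies of a
# sample that was already labelled; a pattern signature also catches variants
# that keep a distinctive byte sequence after small edits.
HASH_SIGNATURES = {sha256_hex(EICAR): "EICAR-Test-File"}
PATTERN_SIGNATURES = {
    "EICAR-Test-File.pattern": re.compile(rb"EICAR-STANDARD-ANTIVIRUS-TEST-FILE"),
}


def scan(data: bytes) -> list[str]:
    """Return the names of every signature the data matches (empty means clean)."""
    hits = []
    name = HASH_SIGNATURES.get(sha256_hex(data))
    if name:
        hits.append(name)
    for sig_name, pattern in PATTERN_SIGNATURES.items():
        if pattern.search(data):
            hits.append(sig_name)
    return hits


# Constructed samples (not real binaries).
BENIGN_TOOL = b"Stand-in for a packet capture program; it carries no known signature."
VARIANT = EICAR.replace(b"H+H*", b"H+H!")  # one byte changed: hash no longer matches


def demo() -> dict:
    """Scan the three constructed samples and return the verdicts by label."""
    return {
        "benign": scan(BENIGN_TOOL),
        "labelled": scan(EICAR),
        "variant": scan(VARIANT),
    }


if __name__ == "__main__":
    for label, hits in demo().items():
        verdict = "flagged: " + ", ".join(hits) if hits else "clean"
        print(f"{label:9s} -> {verdict}")
```

The benign stand-in comes back clean not because it is harmless but because nothing in the database describes it; the variant shows why hash-only signature lists age quickly and why scanners also carry byte patterns.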
