0

How could we really know if a piece of software is malware (a virus), for platforms like Windows or Android? How can we identify it automatically if we do not have predefined datasets?

For example, when the software sends users' private information to a remote server (either encrypted or not), or requests some permissions, how could we know if the software really needs to do this, or if it is just malicious behavior?

The same applies to similar things like updating system resources, showing some windows, etc.

WindChaser

2 Answers

2

How could we really know if a piece of software is malware (a virus), for platforms like Windows or Android?

Just by looking at it? It'd probably be difficult. If you go deeper and look at your Task Manager in Windows and the list of apps in Android, and see something that shouldn't be there, you might find it. If you dive further and analyze packets of data using, say, Wireshark, chances are high you might find it. Please note that none of this is a sure-shot way of finding the "malicious" app.

Regarding Android, if you download a flashlight app, and it requests permissions to access your files, or access to your contacts/messages, or if it's sending huge amounts of data to some server, you should look at it with suspicion.

Again, there's no sure-shot way of finding out if you've been infected. There are some common signs like an unexpected rise in data bills, sluggish performance, and uncanny behavior of the device, but none of them can guarantee that your device is infected.

If you believe that your device is infected, please have a look at this answer

pri
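
The flashlight check from the answer above, as an added example that is not part of the original answer: it reads the `uses-permission` entries from a decoded AndroidManifest.xml and flags those outside what the app's category needs. The category baseline, the sample manifest and the priority labels are assumptions made for this example; a flag is a reason to look closer, not a verdict.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Assumption: baseline chosen for this example, not an official per-category list.
EXPECTED = {"flashlight": {"android.permission.CAMERA", "android.permission.FLASHLIGHT"}}

# Permissions guarding the data the answer names: files, contacts, messages.
SENSITIVE = {"android.permission.READ_EXTERNAL_STORAGE",
             "android.permission.READ_CONTACTS",
             "android.permission.READ_SMS"}

# Constructed sample: decoded manifest of a hypothetical flashlight app.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.flashlight">
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission-sdk-23 android:name="android.permission.READ_SMS"/>
  <application android:label="Flashlight"/>
</manifest>
"""

def requested_permissions(manifest_xml):
    """Return the set of permission names declared in a decoded manifest."""
    root = ET.fromstring(manifest_xml.strip())
    perms = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for node in root.iter(tag):
            name = node.get(ANDROID_NS + "name")
            if name:
                perms.add(name.strip())
    return perms

def review_permissions(manifest_xml, category):
    """Compare declared permissions with the category baseline and rank the gap."""
    if category not in EXPECTED:
        raise ValueError(f"no baseline for category {category!r}")
    requested = requested_permissions(manifest_xml)
    unexpected = requested - EXPECTED[category]
    sensitive = unexpected & SENSITIVE
    if sensitive and "android.permission.INTERNET" in requested:
        priority = "high"    # private data is readable and can leave the device
    elif sensitive:
        priority = "medium"  # private data is readable, no network permission
    else:
        priority = "low" if unexpected else "none"
    return {"unexpected": sorted(unexpected), "sensitive": sorted(sensitive),
            "priority": priority}
```
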
1

This question is pretty general, and that is pretty much what cyber security is about. But if I had to find out quickly and reliably whether a file/software/URL is malicious or not, I'd submit it to VirusTotal. More often than not you will find it very reliable.

If the software has never been uploaded to VT (or any other open source intelligence), then only manual analysis can determine if the app is malware or not.

Ashutosh Raina