Professor ■■■■ is … a Professor and a searcher, and as such wrote something yes, quite theoric, but that could be easily exploited.
And the “goodbye world” thing has not to be intercepted by AV since it is innocuous: it merely serves as an example to show that 2 different files can have the same MD5, to conclude that MD5 is not a safe protection anymore.
In the same time, load eicar.exe to virus total or download it, and everyone shall jump altough eicar is also perfectly innocuous.
The problem is that AV rely on databases and sometimes “heuristic behavior”, but that even “heuristic behavior” relies on a database: not in the database, not caught, and it is the reason of the “hello world” suggestion by Melih, but where if you were writing yourself your own malicious “hello world” program, it would never be caught, the only line of defense remaining a “unknown file default blocking behavior”.
I don’t use CIS AV, but i believe it wouldn’t be more efficient against this kind of threat than Avira, failing.
I also get no warning whatsoever from CIS firewall, but of course, when i try to run “hello world”, defense+ warns me that it is unknown.
We also must remind that, if not getting fooled by one file between many in a downloaded compressed folder, the best line of defense is betweeen our ears: no one should be fool enough to run a file he is not sure of.
The “compressed folder” situation is somewhat more difficult, and can be compared to mail attachements: if one does not deliberately click the unknown file, he stays safe if he forbids default scripting (IE Active X and so on, calling the malicious file when you meant to open plain html).