On 6/5/2011 14:38, Orchid XP v8 wrote:
> Don't you just love the way most AV products insist on doing periodic manual
> scans?
Security in depth. Try Microsoft Security Essentials. It's really good.
> 1. If a file is never opened, it doesn't *matter* what's inside it. It can't
> possibly run.
But you still might propagate it to someone else, even if you don't run it.
> 2. If a file is opened, the on-demand scanner will scan it anyway. There's
> no need to do a manual scan as well.
"I have an idea! Let's make the system seem more responsive by doing a scan
of a file the very instant the person starts waiting for it to run! That'll
have the double-good effect of loading every single page of the executable
into RAM, bypassing that pesky demand-paging stuff."
> 3. I've yet to see any AV product which "remembers" which files it's scanned
> and stops rescanning them unless they changed.
Microsoft Security Essentials.
> (Presumably because that
> would make it too easy for a virus to slip past; just tweak the file
> timestamp...)
Don't use the timestamp. Use the USN journal. That's what it's for. Indeed,
you can just do a lazy background scan of anything that might be an
executable after whoever is writing to it finishes writing to it.
> For that matter, I've yet to see an AV product that's any good at *removing*
> malware. Most of them will *detect* an infection, but they do an utterly
> crap job of *removing* it.
It depends on the malware. It's hard to "remove" an infection that has
replaced valid code with virus code.
--
Darren New, San Diego CA, USA (PST)
"Coding without comments is like
driving without turn signals."
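
The timestamp-versus-journal point in the post above, as an added example that is not part of the original message: a scan cache keyed on mtime and size next to one keyed on a change-journal sequence number. The journal here is an in-memory model (`ModelJournal`, `write_file` and the other helper names are hypothetical); only the two `USN_REASON_*` values are the real NTFS flags.

```python
import os
import tempfile

# Real NTFS reason flags (winioctl.h). The journal itself is modelled in memory.
USN_REASON_DATA_OVERWRITE = 0x00000001
USN_REASON_CLOSE = 0x80000000

class ModelJournal:
    """Stand-in for the NTFS change journal: append-only, monotonically rising USNs.
    Real records are keyed by file reference number; a path is used here for brevity."""
    def __init__(self):
        self.records = []  # (usn, path, reason)
    def append(self, path, reason):
        self.records.append((len(self.records) + 1, path, reason))
    def last_usn(self, path):
        return max((u for u, p, _ in self.records if p == path), default=0)

def write_file(journal, path, data, keep_mtime=False):
    """Write data and log it as the file system would.
    keep_mtime models a writer that restores the old timestamp afterwards."""
    before = os.stat(path) if os.path.exists(path) else None
    with open(path, "wb") as f:
        f.write(data)
    journal.append(path, USN_REASON_DATA_OVERWRITE)
    journal.append(path, USN_REASON_DATA_OVERWRITE | USN_REASON_CLOSE)
    if keep_mtime and before:
        os.utime(path, ns=(before.st_atime_ns, before.st_mtime_ns))

def needs_rescan_by_mtime(cache, path):
    st = os.stat(path)
    return cache.get(path) != (st.st_mtime_ns, st.st_size)

def needs_rescan_by_usn(cache, journal, path):
    return cache.get(path, -1) != journal.last_usn(path)

def pending_scans(journal, since_usn):
    """Lazy background queue: only files whose writer has closed its handle."""
    return sorted({p for u, p, r in journal.records
                   if u > since_usn and r & USN_REASON_CLOSE})

def demo():
    journal, mtime_cache, usn_cache = ModelJournal(), {}, {}
    path = os.path.join(tempfile.mkdtemp(), "tool.exe")  # constructed sample file
    write_file(journal, path, b"A" * 64)
    st = os.stat(path)
    mtime_cache[path] = (st.st_mtime_ns, st.st_size)  # recorded as scanned
    usn_cache[path] = checkpoint = journal.last_usn(path)
    write_file(journal, path, b"B" * 64, keep_mtime=True)  # same size, old timestamp
    return (needs_rescan_by_mtime(mtime_cache, path),
            needs_rescan_by_usn(usn_cache, journal, path),
            pending_scans(journal, checkpoint))
```

`demo()` returns whether each cache asks for a rescan after the second write, plus the background queue built from close records since the last checkpoint.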