  Re: Speedy thing goes in...  
From: Darren New
Date: 6 Jun 2011 13:55:22
Message: <4ded148a$1@news.povray.org>
On 6/6/2011 10:29, Orchid XP v8 wrote:
> Seems to me more like "useless busy-work to reassure the customer that we
> really are doing something".

Or maybe "check that you haven't installed something while the scanner was 
turned off"?

> I notice that Symantec AntiVirus Corporate Edition doesn't do scheduled
> scans at all by default. (Unless you explicitly ask it to.) Neither did
> Trend Micro, until our IT department turned it on. (Why?)

See above.

>> Try Microsoft Security Essentials. It's really good.
> It has "Microsoft" in the name. Why would it be good?

Because it's written by the same people whose OS you're trying to protect?

> That's a valid argument for a file server. But even in that case, you (or
> somebody else) still has to *access* the file.

But the other person might not have a virus scanner.

> While we're on the subject, almost all AV products claim to be able to detect
> "virus-like behaviour" even if they don't have signatures for it. But I've
> yet to see this actually work in practice...

I have.

> It's an optimisation in that it only scans files which could actually harm
> the system, without wasting time scanning files which are never used. On the
> other hand, it also scans them at the worst possible time...

Right. That's why using the USN journal is such a good idea.

>> Don't use the timestamp. Use the USN journal. That's what it's for.
>
> And how many 3rd parties know this exists? (Also, it only works for NTFS.
> Which should be a non-issue, because *nobody* should be using FAT by now...)

If you don't have the USN turned on, fall back to on-demand scanning. Lots 
of third parties know it exists. It's well documented and has been around 
for years. Heck, *I* know it exists and I don't even try to write 
non-portable Windows code.

Too many people try to do cool stuff and just skip all the tools that 
Windows gives you to make it work well. Not knowing the USN journal exists 
when you're writing file scanning software for Windows is like not knowing 
the Apple UI guidelines exist when trying to write interactive code.

>> Indeed, you can just do a lazy background scan of anything that might be
>> an executable after whoever is writing to it finishes writing to it.
>
> You might argue that you could also do lazy on-access scans by logging who's
> accessing stuff, and then checking after. Still, difficult to block access
> to a file after it's been accessed...

Right. But this way, you're scanning the executable as soon as it gets 
potentially-infected, not when the person is waiting for it to run. You get 
notified as soon as you visit the web page that gives you the virus, not a 
week later after you have no idea why the program you only use once a week 
is suddenly different.

> Now why the **** couldn't McAfee have done that for itself?

Dunno. Privilege problems?

-- 
Darren New, San Diego CA, USA (PST)
   "Coding without comments is like
    driving without turn signals."
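
Added example, not part of the original post and not code from any AV product: a Python parser for the NTFS `USN_RECORD_V2` layout that queues an executable for a background scan once its writer has closed the handle, as the message above describes. On Windows the buffer would be the output of `FSCTL_READ_USN_JOURNAL` after its leading 8-byte next-USN value; here `SAMPLE` is constructed, and `EXEC_EXTS`, `scan_queue` and `make_record` are hypothetical names.

```python
import struct
# Reason flags and the fixed 60-byte header layout of USN_RECORD_V2 (winioctl.h).
DATA_CHANGED = 0x1 | 0x2 | 0x4   # DATA_OVERWRITE | DATA_EXTEND | DATA_TRUNCATION
USN_REASON_FILE_DELETE, USN_REASON_CLOSE = 0x00000200, 0x80000000
HEADER = struct.Struct("<IHHQQqqIIIIHH")
# Assumed policy: extensions treated as "might be an executable".
EXEC_EXTS = (".exe", ".dll", ".sys", ".scr", ".com")


def parse_records(buf):
    """Yield (usn, file_ref, reason, name) for each V2 record in buf."""
    pos = 0
    while pos + HEADER.size <= len(buf):
        (length, major, _minor, fref, _parent, usn, _ts, reason,
         _src, _sid, _attrs, name_len, name_off) = HEADER.unpack_from(buf, pos)
        # Reject lengths that would loop forever or overrun the buffer.
        if length < HEADER.size or pos + length > len(buf):
            raise ValueError(f"bad record length {length} at offset {pos}")
        if major == 2 and name_off + name_len <= length:
            raw = buf[pos + name_off:pos + name_off + name_len]
            yield usn, fref, reason, raw.decode("utf-16-le")
        pos += length

def scan_queue(buf):
    """Return (names to scan, last USN seen) for writers that have closed."""
    pending, last_usn = {}, None
    for usn, fref, reason, name in parse_records(buf):
        last_usn = usn
        if reason & USN_REASON_FILE_DELETE:
            pending.pop(fref, None)          # gone again, nothing to scan
        elif (reason & USN_REASON_CLOSE and reason & DATA_CHANGED
              and name.lower().endswith(EXEC_EXTS)):
            pending[fref] = name             # one entry per file, not per write
    return list(pending.values()), last_usn

def make_record(usn, fref, reason, name):
    """Build a constructed V2 record (sample data, not read from a volume)."""
    raw = name.encode("utf-16-le")
    length = (HEADER.size + len(raw) + 7) & ~7   # records are 8-byte aligned
    head = HEADER.pack(length, 2, 0, fref, 5, usn, 0, reason, 0, 0, 0x20,
                       len(raw), HEADER.size)
    return (head + raw).ljust(length, b"\0")

SAMPLE = b"".join(make_record(*r) for r in [
    (1000, 100, 0x00000002, "setup.exe"),    # extend, handle still open
    (1080, 100, 0x80000002, "setup.exe"),    # writer closed: scan now
    (1160, 101, 0x80000001, "notes.txt"),    # not an executable
    (1240, 102, 0x80000102, "tmp.dll"),      # created and written...
    (1320, 102, 0x80000200, "tmp.dll"),      # ...then deleted
])
```

Persisting the returned last USN lets the next run resume from that point, which also covers files written while the scanner was not running.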

