Subject:
From:
David Gillett <[log in to unmask]>
Reply To:
PCSOFT - Personal Computer software discussion list <[log in to unmask]>
Date:
Thu, 8 Mar 2007 20:11:31 -0800
On 8 Mar 2007 at 1:37, chipo chika wrote:

> How do scanners differentiate between normal files and viruses, adware
> and spyware? What makes some scanners more efficient than others?

  The vast majority of current antivirus products all have a similar 
structure:  A database of patterns ("signatures") of infections is updated 
periodically, and a program searches each potentially-infected file looking 
for any patterns that are in the database.
  The signature should be a pattern that, for whatever reason, only appears 
in infected files.  Every now and then, somebody goofs, and a signature is 
released which turns out to also match some non-infected files -- I think 
there was a McAfee update about a year ago that had such a problem.
  One of the reasons you don't want to run two antivirus packages is that 
one of them might find what it thinks is an infection, in the signature 
database used by the other package....

  There are a couple of ways to speed up scanning.  One is to suck the whole 
signature database into RAM so that disk operations are minimized; that's a 
big part of the reason why the signature database doesn't contain every 
signature the vendor has ever heard of.  Instead, the database on each 
customer's PC contains only signatures that the vendor thinks customers are 
likely to encounter.
  Another is to be smart about recognizing files, or large parts thereof, 
which cannot be infected.  It's quite possible that some virus signature 
sequences exist among my gigabytes of digital images, but there's no point 
in the scanner looking at every byte of every file.

  Signature-based scanning has one major drawback:  It can only recognize a 
virus if the vendor has seen it, has (correctly!) created a signature for it 
(some viruses constantly re-encrypt themselves to make this hard!), and the 
user has received the update to their local database.  That often takes 48 
hours from when the virus is first reported.
  There are a small number of fairly expensive products which work on other 
principles, monitoring system operations for "suspicious activity".  This is 
a much harder job than matching against a database of signatures, but it has 
the advantage of often catching viruses that the AV vendors don't know about 
yet.  These products aren't really marketed to home users, but they're a 
good choice for server administrators.

David Gillett
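
A minimal sketch of the signature-matching structure described in the message above, added here as an illustration; it is not part of the original post or any vendor's code. The signature names, byte patterns, file names and database layout are all constructed for the example. It shows a plain match, the false positive on a second product's signature file, and the skip of image data.

```python
# Constructed signature database: name -> byte pattern (not real malware signatures).
SIGNATURES = {
    "Demo.Alpha": bytes.fromhex("deadbeef4142430001"),
    "Demo.Beta": b"\x90\x90DEMO-BETA-MARKER\xcc",
}

# Leading magic bytes of formats this toy scanner treats as data it need not search.
SKIP_MAGIC = (b"\xff\xd8\xff", b"\x89PNG\r\n\x1a\n")  # JPEG, PNG


def should_scan(data: bytes) -> bool:
    """Skip content whose header marks it as image data."""
    return not data.startswith(SKIP_MAGIC)


def scan(data: bytes, signatures=SIGNATURES) -> list[str]:
    """Return the names of all signatures whose pattern occurs in data."""
    if not should_scan(data):
        return []
    return sorted(name for name, pat in signatures.items() if pat in data)


def serialize_db(signatures=SIGNATURES) -> bytes:
    """Assumed on-disk layout of a second product's database: length-prefixed patterns."""
    return b"".join(len(p).to_bytes(2, "big") + p for p in signatures.values())


# Constructed sample files held in memory so the example runs offline.
SAMPLES = {
    "clean.exe": b"MZ" + b"\x00" * 64 + b"ordinary program bytes",
    "infected.exe": b"MZ" + b"\x00" * 32 + SIGNATURES["Demo.Alpha"] + b"payload",
    "other_av.sigdb": serialize_db(),  # the other package's signature file
    "photo.jpg": b"\xff\xd8\xff\xe0" + b"\x11" * 40 + SIGNATURES["Demo.Beta"],
}


def scan_all(samples=SAMPLES) -> dict[str, list[str]]:
    """Scan every sample and map file name -> matched signature names."""
    return {name: scan(data) for name, data in samples.items()}


if __name__ == "__main__":
    for name, hits in scan_all().items():
        print(f"{name:16} {'INFECTED: ' + ', '.join(hits) if hits else 'clean'}")
```
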
