Question about virus scans.
in [Viruses]
|
From: FromTheRafters on 3 Feb 2010 20:26 "ghelf" <ghelf(a)sbcglobalDeathToSpam.net> wrote in message news:6NqdnSBDIbDVYvTWnZ2dnUVZ_oWdnZ2d(a)giganews.com... > > "FromTheRafters" <erratic(a)nomail.afraid.org> wrote in message > news:hkbnlo$t9q$1(a)news.eternal-september.org... >> "ghelf" <ghelf(a)sbcglobalDeathToSpam.net> wrote in message >> news:V_CdnVef2KEyYvXWnZ2dnUVZ_uqdnZ2d(a)giganews.com... >>> When a full scan is done on a computer, are all files of all types >>> looked at for infection or only files that have changed since the >>> last scan? >> >> Which AV program? >> > Well, I'm using McAfee but wouldn't most AV programs operate the same > way. Some do, some don't. Some use it for a quick scan but all files (full scan) still means all files. > I thought the big difference between AV products was the size of their > signature library and suspicious behavior algorithms. The size of their library is a poor metric, and all algorithms have their downside. Most important these days is the response time and support channels.
From: ghelf on 3 Feb 2010 23:18 "FromTheRafters" <erratic(a)nomail.afraid.org> wrote in message news:hkbnlo$t9q$1(a)news.eternal-september.org... > "ghelf" <ghelf(a)sbcglobalDeathToSpam.net> wrote in message > news:V_CdnVef2KEyYvXWnZ2dnUVZ_uqdnZ2d(a)giganews.com... >> When a full scan is done on a computer, are all files of all types looked >> at for infection or only files that have changed since the last scan? > > Which AV program? > Is ask this question because I'm curious if I could cut down on how long it takes to do a full scan of my system. Is 90 minutes pretty typical for a 3 year old computer. Why is it necessary to rescan files that have not changed since the last scan. Is it necessay to scan text files or are all files types infectable? I know people will just tell me to do my scans at night but I am curious as to why it takes so long. Also if anybody can recommend a good book (novice level) that can explain what viruses can & can't do. I used to have a good understanding of this stuff but now it sounds like their is nothing a virus can't do.
From: FromTheRafters on 4 Feb 2010 06:50 "ghelf" <ghelf(a)sbcglobalDeathToSpam.net> wrote in message news:l5WdnZ2EbO8F1_fWnZ2dnUVZ_vydnZ2d(a)giganews.com... > > "FromTheRafters" <erratic(a)nomail.afraid.org> wrote in message > news:hkbnlo$t9q$1(a)news.eternal-september.org... >> "ghelf" <ghelf(a)sbcglobalDeathToSpam.net> wrote in message >> news:V_CdnVef2KEyYvXWnZ2dnUVZ_uqdnZ2d(a)giganews.com... >>> When a full scan is done on a computer, are all files of all types >>> looked at for infection or only files that have changed since the >>> last scan? >> >> Which AV program? >> > Is ask this question because I'm curious if I could cut down on how > long it takes to do a full scan of my system. Is 90 minutes pretty > typical for a 3 year old computer. My system takes about 80 minutes to scan. > Why is it necessary to rescan files that have not changed since the > last scan. They may contain malware that was unknown at the time the files were last "inoculated" by the change detection feature. > Is it necessay to scan text files or are all files types infectable? Not all filetypes are "infectable", but AV scanners have taken to looking for non-viral malware as well, so non-infectable filetypes are searched for malware components that may be "hiding" within these (container) filetypes. > I know people will just tell me to do my scans at night but I am > curious as to why it takes so long. Still, it is done a lot faster than it could be done by yourself. In fact, I'm willing to bet it would be impossible for you to do this yourself. > Also if anybody can recommend a good book (novice level) that can > explain what viruses can & can't do. I used to have a good > understanding of this stuff but now it sounds like their is nothing a > virus can't do. Unfortunately, you will find as much misinformation as information from such novice level books. I'm sure many here will be willing to answer specific questions about the capabilities of viruses, and what does and does not qualify as a virus - and why.
From: David Kaye on 4 Feb 2010 21:04 "FromTheRafters" <erratic(a)nomail.afraid.org> wrote: >Not all filetypes are "infectable", but AV scanners have taken to >looking for non-viral malware as well, so non-infectable filetypes are >searched for malware components that may be "hiding" within these >(container) filetypes. One particularly nasty bit of malware took .txt, .doc, and html files and added a URL to a site in Poland. The intent, it seemed, was to reach that site one way or another for further instructions. It was amazing because as the malware ran it was rapidly going through the disk and infecting only those kind of files that could be loaded via a browser or a Microsoft Office suite program. It left executables alone! All in all, about 5000 files were affected until I realized what was going on and stopped it. Also, there was no program available to reconstruct those files without the URL in them. So, my remedy was to warn the customer and to put an entry in the hosts file to redirect attempts to local machine.
First
|
Prev
|
Pages: 1 2 Prev: Question about Kaspersky Internet Security 2010 Next: Is Symantec no longer on Virus Total ?? |