On 12 Dez., 17:17, Boris Zbarsky <bzbar...@mit.edu> wrote: > On 12/12/10 4:48 AM, thorsten wrote: > > > The main costs I can see is at the moment: > > * Annoying the user (FPs, PopUps, forcing him to decide) > > * Maybe privacy issues if I go cloud > > * Maintainance (if there are to many FPs that must be fixed using the > > cloud-feature) > > The one antivirus writers never seem to think about: performance impact. > Maybe it's ok to make everything 10x slower for a slight marginal > safety increase, as AV software has a tendency to do. But maybe not! > > -Boris
Hi I am an AV writer and we definetely do think about performance. But today you need lots of tools to get the Malware detected. Scanning the whole file for signatures (millions of signatures), extracting of archives, generics, emulation of binary stuff, parsing of HTML/Javascript,decryption... We try very hard but reality is just against us. There will always be some impact and you will always have to trade security for other things like performance. I will try to get this one as fast as possible, and I even think that with some smart pre- selection there are not many online lookups, resulting in only a very small performance impact. I think annoying the user is the thing thats more likely to happen than performance trouble. If I do not manage to reduce the user decisson fallback to (almost) zero the project fails. People are just not able to do any security decissions (especially when they are social engineered). But I promise: as soon as my large fear (annoying the user) is away and cared for I will measure the performance impact. Thanks Thorsten _______________________________________________ dev-security mailing list dev-security@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security