> Checksum of programs on the client --- that is exactly what
> "Anti-virus"
> software is basically doing, scanning all files on a system and doing
> pattern matching. The anti-virus software vendors are also in the
> business
> of making "lists" and distributing those "lists" of patterns.
A/V software may do heuristic scans, but those most definitely do not count as
checksums in the tripwire sense of the word. I assume when checksums were brought up,
it was in the context of cryptographic hashing algorithms.
> I personally don't see as much need for the real-time "system slowing"
> non-stop virus scanning that Martin [[EMAIL PROTECTED]] talks about for
> this
> type of issue. A scan every 24 hours would seem sufficient to identify
> potentially "undesired" programs (above and beyond normal virus
> scanning).
I like running a non-stop virus scanner - it scans everything being loaded in to
memory. When I have a message that had a virus I've deliberately gotten on to my
desktop, the virus scanner won't let me touch it unless I disable it - I think it's
an excellent solution for virus prevention. Given that I'm running NT4 on a PII233, I
don't think my hardware is excessively quick, and I haven't noticed any real speed
problems.
(Disclaimer: my employer resells virus scanning software)
Mike
----
Michael Owen
IT Security Engineer
NET-TEL Computer Systems Ltd
[EMAIL PROTECTED]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
