In message <[EMAIL PROTECTED]>, "Chur ch, Chuck" writes: > >What about all the viruses out there that don't forge addresses? >Sending a warning message makes sense for these. Unless someone has >done the research to determine the majority of viruses forge addresses, >you really can't complain about the fact that the default is to warn. >Calling vendors 'clueless' because a default doesn't match your needs is >a little extreme, don't you think? The ideal solution would be for the >scanning software to send a warning only if the virus detected is known >to use real addresses, otherwise it won't warn. >
A-V companies are in the business of analyzing viruses. They should *know* how a particular virus behaves. --Steven M. Bellovin, http://www.cs.columbia.edu/~smb