Felix von Leitner <[EMAIL PROTECTED]> writes:

> Signature based detection can never catch current virii.

Either

s/current/new/

or 

s/catch/reliably catch/

There can be no argument that a signature based virus scanner can
catch SOME viruses.  The question is how reliably.

The two issues are:

1) Virus signatures MUST lag behind viruses.  Therefore there is
always a window in which the virus exists but not the signature.
Signatures only help you if you're not an early victim.

2) The actual virus code may be hidden inside a wide number of
packaging schemes; different mime encodings, compression formats,
encryption formats, etc.  It is impossible for a virus scanner to be
able to read them all.  Thus some known viruses can slip by because
they're inside an unknown packaging scheme.

Therefore, signature based scanners CANNOT be a 100% reliable method
for preventing viruses.

Felix, you seem to be of the opinion that anything less than 100%
effectiveness is worthless?  Or is it just that in your opinion
signature based scanners are TOO FAR beneath that 100%?

IMHO point (1) is more important than (2).  Most of the time, viruses
arrive in standard formats.  Virus spread, however, is very fast
nowadays -- it is increasingly common to get the virus before the
signature, while in the past (given slow methods of propagation such
as floppy disks) viruses spread much more slowly.

And yes, the right solution to viruses is getting rid of the holes
they exploit.  There is no good reason why the functionality a Word
macro virus exploits needs to exist.  However, good luck getting
Microsoft to fix their broken logic!

-Matt

-- 
| Matthew J. Brown - Senior Network Administrator - NBCi Shopping |
|         1983 W. 190th St, Suite 100, Torrance CA 90504          |
|  Phone: (310) 538-7122    |      Work: [EMAIL PROTECTED]  |
|   Cell: (714) 457-1854    |  Personal: [EMAIL PROTECTED]           |
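
Point (2) above, shown as an added example that is not part of the original message: a toy signature scanner that only finds a known signature when it can open every packaging layer around it. The marker string, the unpacker table and the sample payloads are all constructed for illustration, and the nested case goes slightly beyond what the message describes.

```python
import base64
import bz2
import gzip
import zlib

# Constructed, harmless marker standing in for a known virus signature.
SIGNATURE = b"DEMO-SIGNATURE-0001"

# Packaging schemes this hypothetical scanner can open (an assumption of the example).
KNOWN_UNPACKERS = {
    "base64": lambda d: base64.b64decode(d, validate=True),
    "gzip": gzip.decompress,
    "zlib": zlib.decompress,
}

def scan(data, unpackers=KNOWN_UNPACKERS, max_depth=4):
    """Return the packaging layers peeled to reach SIGNATURE, or None if no match."""
    if SIGNATURE in data:
        return []
    if max_depth == 0:
        return None
    for name, unpack in unpackers.items():
        try:
            inner = unpack(data)
        except (ValueError, OSError, EOFError, zlib.error):
            continue  # data is not in this format
        if not inner:
            continue
        layers = scan(inner, unpackers, max_depth - 1)
        if layers is not None:
            return [name] + layers
    return None

# Constructed sample messages: the same payload in different packaging.
PAYLOAD = b"attachment body " + SIGNATURE
SAMPLES = {
    "raw": PAYLOAD,
    "base64": base64.b64encode(PAYLOAD),
    "gzip(base64)": gzip.compress(base64.b64encode(PAYLOAD)),
    "bz2": bz2.compress(PAYLOAD),          # format missing from KNOWN_UNPACKERS
    "clean": b"quarterly report, no macros",
}

if __name__ == "__main__":
    for label, blob in SAMPLES.items():
        print(f"{label:14} -> {scan(blob)}")
    # Adding the missing unpacker closes this one gap, not the general problem.
    print(scan(SAMPLES["bz2"], {**KNOWN_UNPACKERS, "bz2": bz2.decompress}))
```

The bz2 sample and the clean sample both return None: a "no match" verdict cannot tell an uninfected file from one the scanner could not open.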
