Is Norton an "excellent" virus scanner these days? I haven't been following the scene for a few years, but it seems like the Norton scanner was more of a toy than a tool a few years back; if you wanted a good scanner in those days, you went with F-Secure (www.datafellows.com), which had the best (if not the only) heuristic engine at the time and a very good dictionary. Who makes good scanners these days, and what makes them so good?
--Matt Landheim Wednesday, January 30, 2002, 7:17:00 PM, you wrote: > Hi all, > My question for today is How Do Virus Scanners work ? I mean the really > excellent scanners like Sophos and Norton, amongst others. > I mean, they do check for signatures of a Virus identity ? But what method ? > I can think of a few possibilities to make my question clearer .... > 1. Scan for size of file, or header of file, or structure of file (probably > not) > 2. Scan for include files and include library, and procedures ? > 3. Scan for the sequence at which a file executes, for eg, getting > addresses, then open socket, connect to SMTP ? > 4. Scan for standard declared texts ? eg. Subject db "Credit Card details",0 > Question begs to be asked, if updated Virus identities files are 'modified', > can it become a threat to the Virus programs, since they mostly run with > SYSTEM privileges ? How is this prevented ? > Thanks in advance, I am very curious. > regards > Steve > note : One of our readers have a virus, it was sent to those who responded > to the WAN/LAN Remote Management thread. I dont know who it is as the return > path is altered, it had a ".mp3.pif" extension with no malicious payload.
