It has been my experience that Norton is a little slow in comparison to Trend and Sophos. Trend and Sophos are usually the first to announce and release the patterns for new virii. They are typically an easy 4 hours ahead of Norton. Just my $.02
On Sat, 2 Feb 2002, Matthew J. Landheim wrote: > Is Norton an "excellent" virus scanner these days? I haven't been > following the scene for a few years, but it seems like the Norton > scanner was more of a toy than a tool a few years back; if you wanted > a good scanner in those days, you went with F-Secure > (www.datafellows.com), which had the best (if not the only) heuristic > engine at the time and a very good dictionary. Who makes good scanners > these days, and what makes them so good? > > --Matt Landheim > > Wednesday, January 30, 2002, 7:17:00 PM, you wrote: > > > Hi all, > > > My question for today is How Do Virus Scanners work ? I mean the really > > excellent scanners like Sophos and Norton, amongst others. > > > I mean, they do check for signatures of a Virus identity ? But what method ? > > I can think of a few possibilities to make my question clearer .... > > > 1. Scan for size of file, or header of file, or structure of file (probably > > not) > > 2. Scan for include files and include library, and procedures ? > > 3. Scan for the sequence at which a file executes, for eg, getting > > addresses, then open socket, connect to SMTP ? > > 4. Scan for standard declared texts ? eg. Subject db "Credit Card details",0 > > > Question begs to be asked, if updated Virus identities files are 'modified', > > can it become a threat to the Virus programs, since they mostly run with > > SYSTEM privileges ? How is this prevented ? > > > Thanks in advance, I am very curious. > > > regards > > > Steve > > > > note : One of our readers have a virus, it was sent to those who responded > > to the WAN/LAN Remote Management thread. I dont know who it is as the return > > path is altered, it had a ".mp3.pif" extension with no malicious payload. > > >