* Clive Taylor <[EMAIL PROTECTED]> writes: > Hi Carsten, >> I don't believe you because even NOD32 does not detect /new/ >> viruses. IMHO this is an important fact many users seem to forget >> these days
> What do you mean "NOD32 does not detect new viruses"? I mean virus scanners don't detect unknown viruses. This web page is in German but it shows in detail how quickly AV companies provided virus definitions for ... Win32/Bagle worm: <http://www.pcwelt.de/news/viren_bugs/37070/2.html> Win32/Xombe trojan horse: <http://www.pcwelt.de/news/viren_bugs/37070/3.html> And here's something very nice from Symantec: <http://securityresponse.symantec.com/avcenter/refa.html#iudefs> | Virus Definitions (Intelligent UpdaterTM) | | [...] The virus definitions are posted on U.S. business days (Monday | through Friday) and can be downloaded from the Symantec Security | Response Web site and manually installed. | | [...] | | Home users: While it is possible, it is not absolutely necessary for | you to download and install the Intelligent Updater definitions | daily. [...] Interesting. Now see how quickly the latest worms spread over the internet and compare that to the delay of virus definition updates. > It's one of the > best out there at detecting viruses and updating itself against new > threats. I think you are absolutely right (although I don't know NOD32). The question is: is »one of the best« or even »the best« enough to prevent such worm floods in the future. The answer is: no. Users have to be educated *not* *to* *trust* their anti virus tools. There always is a time frame from several hours to two or more days when these tools are unable to find brand new malware. Another question: is this really a problem? I see much too many people trusting their AV tools ultimately telling me »how on earth can this e-mail contain malware when my virus scanner keeps quiet?« Those users have to learn how to detect dangerous mail content with their eyes only. I think this is possible. To make it short, I think todays mail worm are not at all a technical problem but an educational one. > It's proven - especiall? here in the past few days with the > MyDoom worm. MyDoom prooves only one thing: users are not very, erm, clever or use the wrong mail client ... ;-) Carsten -- ________________________________________________ Current version is 2.02.3 CE | "Using TBUDL" information: http://www.silverstones.com/thebat/TBUDLInfo.html