Greg Mayman (3:800/449) wrote to Steven Horn at 09:18 on 29 Apr 2003:

 GM> How do you work that out? It may take only hours before the virus
 GM> is all round the world. It amy take weeks before Norton and
 GM> MacAfee have a new definition file ready for their customers.

If it took those companies that long, they'd be out of business very
quickly.  In the case of the Lovebug virus, we had updated McAfee virus
defintion files within an hour of the time the first infected file was
open. 

 GM> Every time a new virus is released, every existing definition file
 GM> is outdated, since it can cover only viruses in existence at the
 GM> time of its release.

Unless there is a heuristic capacity built in.:->  Norton clainms that
its Worm Blocking and Script Blocking can detect new threats even before
new virus definitions are created for them.

 GM> The heuristic detection is based also on what tricks new viruses
 GM> are likely to use. Obviously this is based on what older viruses
 GM> used, but not limited to that. So it can give a degree of
 GM> protection against viruses that do not exist as yet.

One hopes so.

 GM> But you could still be in trouble, even if you DO keep your def
 GM> files up to date.

So far so good.

 GM> Some time ago I saw an article advising never to rely on only one
 GM> virus detection system, especially one of the better known ones.

But based on what experience?  One has other things to do in one's life
than run programs and files through multiple virus checkers. 

 GM> Logically, anyone creating a virus is going to try to make it
 GM> undetectable by the techniques used by the better known virus
 GM> detectors.

That assumes that the script kiddies have the ability to reverse engineer.

 GM> The writer suggested using at least two protection systems,
 GM> preferably using completely different techniques for detecting
 GM> virus.

Do you wear a belt and suspenders?

Take care,

Steven Horn (steven_a_horn{at}yahoo.ca)
Moderator, ALASKA_CHAT 
--- timEd/386 1.10.y2k+