echo: dos_internet
to: Steven Horn
from: Greg Mayman
date: 2003-05-07 08:08:00
subject: FTP07

-=> Steven Horn said to Greg Mayman
 -=> about "FTP07" on 05-04-03  22:18.....

 SH> Greg Mayman (3:800/449) wrote to Steven Horn at 09:29 on 03 May 2003:
 
 GM> Did you mean the first infected file that arrived at YOUR
 GM> computer, or the first one at McAfee's?

 SH> The first infected file that arrived at our network.

I thought it might be that.
 
 GM> Or the VERY first file in all the world, that carried that
 GM> particular virus?

 SH> Who knows where in Asia that was.

Why in Asia?
 
 GM> There is no way McAfee could become aware of this virus until
 GM> either (1) they realized that it had arrived at one of their own
 GM> computers; or (2) someone outside the company notified them of it.

 SH> Probably the second.

So it could have been in circulation for a relatively long time,
probably several days, before you received the updated def file.
 
 SH> That's the imponderable.  However, it appears that both Norton and
 SH> McAfee can add a definition within 8 hours of "discovery"
 SH> of the virus.

Probably even less time than that.
 
 GM> Kiddies???? Don't underestimate the enemy! That way lies certain
 GM> defeat.

 SH> Who said script kiddies are young.

Who said anything about "young"? Not me...

 GM> A false analogy. No-one is trying to attack my trousers.
 SH> But if they fall down, you will be embarrassed.:-)

One method of support is sufficient if no-one is trying to attack
them. Some of my trousers are self-supporting so they need
nothing extra.

 SH> But a rifle may do nothing against a dug-in enemy and so on.

MY POINT EXACTLY!!!!

The enemy knows what weapons are likely to be used so he tries to
protect himself against them while he is attacking you. The
soldier going against that enemy has to use several different
kinds of weapons and/or armour, and backup systems like tanks,
aircraft, missiles, as the enemy is unlikely to have defence
against all of these.

In the same way, the originator of the virus knows the most
likely virus protection that his virus is going to encounter so
he writes it to be as transparent as possible to that brand of
protection.

OTOH it is much more difficult to write a virus that is
transparent to two different kinds of virus protection, even more
difficult for it to be transparent to three. So using two or
three different virus protection systems gives a MUCH higher
degree of protection than using one.

The analogy of belt and braces to support trousers that aren't
under attack is completely false, although some people who want
to fool themselves that one type of virus protection is 100% safe
often use it to support their laziness or frugality or whatever
it is.

From Greg Mayman, in beautiful Adelaide, South Australia
   "Queen City of The South"    34:55 S  138:36 E

... To refuse praise is to seek praise twice.
___ Blue Wave/386 v2.30

--- FLAME v2.0/b
* Origin: Braintap BBS Adelaide Oz, Internet UUCP +61-8-8239-0497 (3:800/449)
SEEN-BY: 633/267 270
@PATH: 800/449 1 640/954 774/605 123/500 106/2000 633/267

SOURCE: echomail via fidonet.ozzmosis.com
