-=> Mocking Rod Fewster to Luther Kolb <=-
> This gets down to marketing hype. If TBAV detects 512 Jerusalem
> variants with "inexact identification" and McAfee detects 450 with
> "exact identification", which is the better scanner ?
RF> Marketroids push the "exact identification is better because you're
RF> sure of exact disinfection" barrow all the time, but it's basically
RF> just one of many flavors of snake oil aimed at professional IT
RF> technowankers.
RF> Granted, mis-identification can cause problems in _some_ circumstances
RF> (McAfee Scan tagging No Frills as Feist and trashing the files beyond
RF> repair on disinfection is a classic example) but if a scanner handles
RF> a virus properly with "family" identification then "exact"
RF> identification might be nice but it's NOT essential.
exact identification is important for relief from false positives and
also from false negatives with polymorphs...
exact id is more about an increased degree of certainty about the
diagnosis than about avoiding screwing up the disinfection... false
alarms are more of a problem than mistaken identity (it's a very big
problem with some scanners... and false positives will always be a
problem with scanners that don't do exact identification)...
take a look at vesselin bontchev's paper on the maintenance of a virus
zoo, in it he praises f-prot (this is before he started working there)
for being the best at identifying the family to which a virus belonged
(and this is despite f-prot's exact id capabilities)...
don't forget that most scanners wear two "hats" now... the virus
specific hats and the heuristic hats... variant detection is better
relegated to a heuristic process than to relying on an overly general
virus specific scan string... it allows for both high accuracy when
dealing with known viruses, and as it happens higher accuracy for
variants (as the more specific scan string contains more information
about the virus to compare the variant to)...
... in AV, the code that gets control first wins... boot clean!...**
--- TGWave v1.20.b09
---------------
* Origin: fks Online! * Mississauga, ON Canada (1:259/423)
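Added example, not part of the original message: a minimal Python sketch of the difference discussed above between a short "family" scan string and exact identification done by hashing the constant regions of a known variant. The byte strings, the names Sample.A and Sample.B, and the record layout are all constructed for illustration and do not come from any real scanner or virus.

```python
import hashlib

# All byte strings below are constructed, harmless stand-ins; none is real virus code.
FAMILY = b"\x9c\x50\x31\xc0"  # short, overly general "family" scan string (hypothetical)

def build(const1, counter, const2):
    """Constructed sample body: marker, constant part, 2-byte variable field, constant tail."""
    return FAMILY + const1 + counter + const2

def digest(body, ranges):
    """Hash only the constant (offset, length) ranges, skipping variable fields."""
    h = hashlib.sha256()
    for off, length in ranges:
        h.update(body[off:off + length])
    return h.hexdigest()

def register(name, const1, const2):
    """Derive the exact-identification record for one known variant."""
    ranges = [(0, len(FAMILY) + len(const1)),
              (len(FAMILY) + len(const1) + 2, len(const2))]
    return name, (ranges, digest(build(const1, b"\x00\x00", const2), ranges))

KNOWN = dict([register("Sample.A", b"constant-part-A", b"tail-A"),
              register("Sample.B", b"constant-part-B!", b"tail-B")])

def classify(data):
    """Return ('clean' | 'family-only' | 'exact', variant name or None)."""
    pos = data.find(FAMILY)
    if pos < 0:
        return ("clean", None)
    body = data[pos:]
    for name, (ranges, want) in KNOWN.items():
        if digest(body, ranges) == want:
            return ("exact", name)
    # Scan string hit but no constant-region match: a new variant or a
    # coincidental match; the scan string alone cannot tell which, so the
    # file is a candidate for heuristic analysis rather than a diagnosis.
    return ("family-only", None)

if __name__ == "__main__":
    samples = {
        "known A, different counter": b"MZ" + build(b"constant-part-A", b"\x12\x34", b"tail-A"),
        "unknown variant": build(b"constant-part-C", b"\x00\x00", b"tail-C"),
        "benign file with same 4 bytes": b"data" + FAMILY + b"ordinary program bytes",
        "clean": b"plain text",
    }
    for label, data in samples.items():
        print(f"{label:32} -> {classify(data)}")
```

The unknown variant and the benign file both come back as "family-only", which is the uncertainty that exact identification removes for known samples.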