> exact identification is important for relief from false positives and
 > also from false negatives with polymorphs...
 > exact id is more about an increased degree of certainty about the
 > diagnosis than about avoiding screwing up the disinfection... false
 > alarms are more of a problem than mistaken identity (it's a very big
 > problem with some scanners... and false positives will always be a
 > problem with scanners that don't do exact identification...
You seem to have lost sight of the object of the game.  If a scanner
appears on the market which accurately detects and cleans everything
in sight yet calls every infection "A Virus", will you use it ... or
will you pass it up because it doesn't tell you _exactly_ what the
virus is ?
 > take a look at vesselin bontchevs paper on the maintenance of a virus
 > zoo, in it he praises f-prot (this is before he started working there)
 > for being the best at identifying the family to which a virus belonged
 > (and this is despite f-prot's exact id capabilities)...
In the last stages of his stint at the University of Hamburg, Vesselin
got so close up and personal behind F-Prot that no-one was in the least
surprised when he went to work for them.
 > don't forget that most scanners wear two "hats" now... the virus
 > specific hats and the heuristic hats...
When Frans Veldman first released heuristics in TBAV (No, Virginia ...
Zvi Netiv did NOT introduce heuristic scanning to the antivirus world!)
opposition AV companies sneered at it as a marketing gimmick.  Since
then, every single one of the knockers has tried to implement their own
heuristics.  I guess Frans was just ahead of his time.  :)
---
---------------