echo: virus_info
to: ROD FEWSTER
from: KURT WISMER
date: 1998-02-16 23:00:00
subject: Best Antiviral Program

 -=> Mocking Rod Fewster to Kurt Wismer <=-
   
 > exact identification is important for relief from false positives and
 > also from false negatives with polymorphs...
 
 > exact id is more about an increased degree of certainty about the
 > diagnosis than about avoiding screwing up the disinfection... false
 > alarms are more of a problem than mistaken identity (it's a very big
 > problem with some scanners... and false positives will always be a
 > problem with scanners that don't do exact identification...
 RF> You seem to have lost sight of the object of the game.  If a scanner
 RF> appears on the market which accurately detects and cleans everything
 RF> in sight yet calls every infection "A Virus", will you use it ... or
 RF> will you pass it up because it doesn't tell you _exactly_ what the
 RF> virus is ?
 
a scanner's ability to tell me exactly which virus i have relates
directly to its ability to tell me that i do indeed have a virus and
not simply a program/data file with a coincidental instance of a scan
string in it...
and as for what i'd use, i don't disinfect virus infected files, i
delete them, and i can just as easily use integrity master to detect
them in the first place as to use findvirus or avp or fprot...

 > take a look at vesselin bontchev's paper on the maintenance of a virus
 > zoo, in it he praises f-prot (this is before he started working there)
 > for being the best at identifying the family to which a virus belonged
 > (and this is despite f-prot's exact id capabilities)...
 RF> In the last stages of his stint at the University of Hamburg, Vesselin
 RF> got so close up and personal behind F-Prot that no-one was in the
 RF> least surprised when he went to work for them.
 
luther has suggested something similar... however, vesselin has been
accused (by competitors no less) of pathological honesty...

 > don't forget that most scanners wear two "hats" now... the virus
 > specific hats and the heuristic hats...
 RF> When Frans Veldman first released heuristics in TBAV (No, Virginia ...
 RF> Zvi Netiv did NOT introduce heuristic scanning to the antivirus
 RF> world!) opposition AV companies sneered at it as a marketing gimmick. 
 RF> Since then, every single one of the knockers has tried to implement
 RF> their own heuristics.  I guess Frans was just ahead of his time.  :)

indeed he was... and heuristics is very good for detecting viruses not
yet known to the scanner... but for viruses that the scanner knows
about, the greater the accuracy (exactness) the better...
otherwise we could all just use zvi's generic detection and recovery...

... Virus Alert/Tagline Virus, avoid "Virus Alert" infected taglines...
--- TGWave v1.20.b09
---------------
* Origin: fks Online! * Mississauga, ON Canada (1:259/423)

SOURCE: echomail via exec-pc
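
The distinction drawn in the message above, between a coincidental scan-string hit and an exact identification, as an added Python sketch that is not part of the original post or any scanner's code. It assumes exact identification means checksumming the constant bytes of a known body with its variable fields masked; the byte patterns, offsets and names are constructed and harmless.

```python
import hashlib

# Constructed, harmless stand-in for a known sample: 32 bytes, of which a
# 4-byte field at offset 12 (say, a generation counter) varies between copies.
BODY = bytes(range(0x40, 0x60))
SCAN_OFFSET = 4
SCAN_STRING = BODY[SCAN_OFFSET:12]    # short scan string taken from the body
VARIABLE = [(12, 16)]                 # byte ranges excluded from the checksum

def constant_digest(region, variable):
    """Hash a region with its variable ranges zeroed out."""
    buf = bytearray(region)
    for start, end in variable:
        buf[start:end] = bytes(end - start)
    return hashlib.sha256(bytes(buf)).hexdigest()

KNOWN_DIGEST = constant_digest(BODY, VARIABLE)

def scan(data):
    """Return 'clean', 'scan-string only' or 'exact match' for a byte string."""
    verdict = "clean"
    pos = data.find(SCAN_STRING)
    while pos != -1:
        verdict = "scan-string only"  # what a string-only scanner would report
        start = pos - SCAN_OFFSET     # where the whole body would have to begin
        region = data[start:start + len(BODY)] if start >= 0 else b""
        if (len(region) == len(BODY)
                and constant_digest(region, VARIABLE) == KNOWN_DIGEST):
            return "exact match"      # every constant byte checks out
        pos = data.find(SCAN_STRING, pos + 1)
    return verdict

# Constructed inputs: a host carrying the body, a data file that merely
# contains the scan string, and an unrelated file.
infected = b"MZ" + b"\x90" * 20 + BODY[:12] + b"\x07\x00\x00\x00" + BODY[16:] + b"tail"
coincidence = b"some data file " + SCAN_STRING + b" that happens to contain it"
clean = b"nothing of interest here"

if __name__ == "__main__":
    for name, sample in [("infected", infected), ("coincidence", coincidence),
                         ("clean", clean)]:
        print(name, "->", scan(sample))
```

A string-only scanner would flag both of the first two inputs; the checksum step is what separates them.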
