Hi Chris!
01 Jan 97, letter Chris Maddock to Dmitry Mostovoy:
CM> A good suite of programs Dmitry. How about a short uncommercial
CM> explanation of basically what each one does ??
It is too complex a question to give a short answer. I'll try.
There are three main classes of anti-virus programs.
1. Scanners/removers;
2. Integrity checkers;
3. Resident monitors;
Really there are some other classes, for example, vaccines, but really
they can't help.
So, the first class and the most popular anti-viruses are
scanners/removers (S/Rs). It is the first defence line in the anti-virus
strategy. All incoming files are to be checked by S/Rs. But what S/R is to be
used? There are different answers for different regions because a scanner
should include information about the latest viruses in the region. Of course,
there is collection exchange between anti-virus developers, so after one or
two months all scanners will know viruses from your region. But to minimize
risk it would be better to use a scanner developed in your region. It is a good
idea to use a group of scanners. For example, for Russia the best choice is
DrWeb with a good heuristic analyzer and very short reaction time for Russian
viruses and some scanner with a big virus database, for example Dr.Solomon,
F-Prot or AVP.
The second defence line is integrity checkers. They should be used on
every computer to be sure that there are no viruses in the system. An integrity
checker should be not only a file CRC checker. It should not check only
_files_ integrity, it should check _file_system_ integrity. Then it should
not need to reboot from a clean floppy to scan drives, even if a stealth virus
is active. And at last, it should work very fast, much faster than scanners.
I know only one integrity checker which conforms to all these requirements. It is
Advanced Diskinfoscope (ADinf) which is nearly twice as fast as the popular
Integrity Master, scans drives by direct call to BIOS entry point and,
moreover, it can restore about 97% of infected files, using saved information.
The 3rd class is resident monitors. They were not very popular under the DOS
and Windows 3.xx environment. But under Win 95, written as a VxD, a resident
monitor may be very useful. I can't now talk about concrete monitors for
Windows 95 because I did not test them. But I think that it is a very
promising class of anti-virus programs. Theoretically a virus can deceive
a resident monitor, so for computers which need the most reliable protection,
resident monitors with hardware support should be used.
CM> Are there any plans towards making some speed improvements ?? On a
CM> large drive they are somewhat slowish.
What speed do you have in mind? The speed of anti-viruses as a whole or
the speed of some concrete program?
With best regards,
Dmitry Mostovoy
--- GoldED 2.50+
---------------
* Origin: DialogueScience, Moscow; E-mail: dmost@dials.ru (2:5020/69.4)
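
The difference the message draws between checking _files_ and checking the _file_system_, as an added example that is not part of the original message and is not ADinf's code: a CRC-only pass over the files already in a baseline, next to a whole-tree comparison that also reports files the baseline never listed. The function names and the sample tree are constructed for illustration, and the sketch reads through the operating system rather than by direct BIOS calls.

```python
import os
import tempfile
import zlib

def snapshot(root):
    """Map relative path -> (size, CRC32) for every regular file under root."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                data = fh.read()
            state[os.path.relpath(path, root)] = (len(data), zlib.crc32(data))
    return state

def crc_only_check(baseline, root):
    """File-level check: re-verify only the files already in the baseline."""
    bad = []
    for rel, (_size, crc) in baseline.items():
        with open(os.path.join(root, rel), "rb") as fh:
            if zlib.crc32(fh.read()) != crc:
                bad.append(rel)
    return sorted(bad)

def tree_check(baseline, current):
    """Tree-level check: also report files that appeared or disappeared."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "changed": sorted(p for p in set(baseline) & set(current)
                          if baseline[p] != current[p]),
    }

def demo():
    """Constructed sample tree: one file grows, one new file appears."""
    with tempfile.TemporaryDirectory() as root:
        for name, body in (("COMMAND.COM", b"shell"), ("EDIT.EXE", b"editor")):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(body)
        baseline = snapshot(root)
        with open(os.path.join(root, "EDIT.EXE"), "ab") as fh:
            fh.write(b"appended bytes")   # existing file modified
        with open(os.path.join(root, "NEW.COM"), "wb") as fh:
            fh.write(b"not in baseline")  # file the baseline never listed
        return crc_only_check(baseline, root), tree_check(baseline, snapshot(root))

if __name__ == "__main__":
    print(demo())
```

The CRC-only pass flags the modified file but says nothing about the new one; the tree comparison reports both.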