TIP: Click on subject to list as thread! ANSI
echo: virus_info
to: KURT WISMER
from: ANDREW KORMANIK
date: 1997-01-05 23:58:00
subject: here again!
Kurt Wismer wrote in a message to Keith Peer:
--Snip--
 KP> Integrity checkers are a third level of defense but should be used
 KP> with a quality antivirus scanner and resident protection on every
 KP> computer.                            ^^^^^^^^^^^^^^^^^^^ 
 KW> what is the benifit of using a resident scanner if you already scan
 KW> all incoming materials rigorously? i know vxd's are becoming
--Snip--
   You can also implement a behaviour blocker as a VXD right? He said
 resident protection, in my book that includes scanning and behaviour
 blocking.
 KP> The problem with Integrity checkers is that they cannot
 KP> tell a user that a program is infected with one of the 10,000 or so
 KP> known different viruses or not. They only detect a change whether that
 KP> change is a virus or not the integrity checker cannot determine.
 KW> whether the change is caused by a virus or not is irrelevant... all
 KW> that is relevant is whether the change was authorized... if not,
 KW> delete and replace... it could have been altered by someone wishing
 KW> to cause trouble, it could have been corrupted, it could have been
 KW> infected, but it doesn't matter because when it's been changed and
 KW> the change wasn't a desired effect the change has to be rectified
 KW> regardless of what caused it...
   And the majority of users...
1) Update their integrity checkers database regularly
2) Backup their files
3) Remember which files they modified or which files modify themselves
   And look at newer viral threats like Doc viruses that can really
 inconvience someone using an integrity checker. 
 KP> This is why Integrity checker are not popular like virus scanners.
 KP> They can be powerful but require expert knowledge to be used
 KP> effectively and cannot prevent infections.
 KW> integrity checkers require less expertise than heuristic scanner
 KW> reports... all a user needs to know is which files were supposed to
 KW> change - these are almost invariably the files the user was
 KW> actually working on (which is knowledge that the user should
 KW> already have)... 
   What about Doc viruses then?
Regards,
Andrew Kormanik 
--- Eh?
---------------
* Origin: The One Time Pad (1:250/503.2)
SOURCE: echomail via exec-pc

Email questions or comments to sysop@ipingthereforeiam.com
All parts of this website painstakingly hand-crafted in the U.S.A.!
IPTIA BBS/MUD/Terminal/Game Server List, © 2025 IPTIA Consulting™.