echo: virus_info
to: KEITH PEER
from: DMITRY MOSTOVOY
date: 1997-01-09 13:49:00
subject: Re: here again!

           Hi Keith!
08 Jan 97, letter Keith Peer to Dmitry Mostovoy:
 KP> Creating a structure to obtain virus samples is relatively simple.
 KP> All existing customers and non-customers can be directed to send
 KP> virus suspects to a particular e-mail address, post address, BBS,
 KP> etc... The structure is the easiest part. Users can be trained to
 KP> send virus suspects that are flagged using the heuristic messages and
 KP> other indicators. Most antivirus companies have installed these
 KP> systems.
    Yes. Maybe it would be better to say that not most, but _every_
antivirus company builds such structures. If you open my first letter, you
may see that I wrote only about Russia and the ex-USSR. Here the most powerful
structure for obtaining new viruses belongs to DialogueScience Inc. It was
achieved thanks to great efforts, which include free distribution of
non-commercial versions of DSAV (DialogueScience Anti-Virus kit) on hundreds
of thousands of computers here, tens of thousands of legal users of commercial
versions, and the most popular integrity checker which, practically, is the
only integrity checker used here. If the integrity checker (ADinf) finds
something that looks like a virus, where will the user call? Yes. The
developer of the program - DialogueScience Inc. And lastly, DS has a
multi-line BBS, FTP, WWW and the other usual components, like every
anti-virus company.
 KP> Maybe you are referring about your "Internet Service?" I have logged
    No. You simplify the question. See the previous paragraph.
 KP> on to the service but it makes no sense. Why would an end user upload a
 KP> file that he suspects is infected to the web server to have it virus
 KP> scanned?
    One can upload files to be checked or not do it. We made this service only
as an interesting possibility of our WWW site (www.dials.ccas.ru). It was
very easy for us to implement, and during the first 3 weeks there were more
than 1000 uploads, so it is interesting for users. But we do not keep uploaded
files.
 KP> that is protected using integrity checking as the primary virus
                             ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 KP> defense
     ~~~~~~~~
    I have never spoken about integrity checking "as the primary virus
defence". If you find my previous letter once more, you can read that I
mentioned integrity checkers as the SECOND defence line.
 DM>> Why do you say it?! You have seen ADinf. It keeps integrity
 DM>> databases up-to-date automatically!
 KP> Adinf is a reliable product. I agree, but it suffers the same
 KP> problems that all integrity checkers do. It cannot determine if the
 KP> modification was a virus, program upgrade, or user modified. It will
 KP> warn the end user of a possible virus even though it cannot determine
 KP> if in fact it is a virus or not.
    But it is the purpose of an integrity checker to warn the user! You very
often write: "Use scanner with a database with about 10000 viruses and
everything will be Ok". But it is wrong! Because a scanner can't find the
10001st virus. You may say something about heuristics. But the reliability of
heuristics is only about 80% and there are a lot of modern anti-heuristic
viruses. And if a scanner misses a virus, only an integrity checker can help.
 KP> Integrity checkers cannot remove existing infections.
    ADinf with the ADinf Cure Module installed can indeed remove 97% of file
infectors according to previously saved information, even for yet unknown
viruses.
 KP>  Also, they are vulnerable to direct attack.
    As are scanners too. If the virus is known then there is no difference
between the protection of a scanner or an integrity checker against it. And
for yet unknown viruses there is no difference between a direct virus attack
against a particular scanner (with heuristics) or an integrity checker.
 DM>> And from the other point of view. There is no need to check the
 DM>> system permanently.
 KP> This I agree. Once a machine has been virus scanned using a quality
 KP> virus scanner a database for integrity data can be established. Using
 KP> the integrity checker along with quality resident monitors will keep
 KP> the machine very well protected. If an infection is encountered
 KP> depending on the infection (get a reliable virus name and research
 KP> the infection) then determine if the virus is best removed by a virus
 KP> scanner or generically using the integrity checker.
    I absolutely agree with this paragraph. If one needs reliable protection
of a computer system, one should use a few lines of defence. The first -
scanners. Not scanner, but scannerS. The second - an integrity checker to be
sure that the scanners did not miss a virus, and the 3rd, optionally, a
resident monitor.
                                With best regards,
                                           Dmitry Mostovoy
--- GoldED 2.50+
---------------
* Origin: DialogueScience, Moscow; E-mail: dmost@dials.ru (2:5020/69.4)
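
The following is an added example, not part of the original message and not code from ADinf or any product named in it. It models the two defence lines the letter argues about: a signature scanner that reports only patterns already in its database, and an integrity checker that reports every change against a saved baseline without knowing the cause. File names, contents and signature patterns are all constructed for illustration.

```python
import hashlib

# Constructed byte patterns standing in for a scanner's signature database.
SIGNATURES = {"Constructed.A": b"\x90\x90SIG-A", "Constructed.B": b"\x90\x90SIG-B"}

def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def build_baseline(files: dict) -> dict:
    """Record one digest per file while the system is believed clean."""
    return {path: digest(data) for path, data in files.items()}

def scan(files: dict) -> dict:
    """Signature scanner: reports only files that contain a known pattern."""
    hits = {}
    for path, data in files.items():
        for name, pattern in SIGNATURES.items():
            if pattern in data:
                hits[path] = name
                break
    return hits

def integrity_check(files: dict, baseline: dict) -> dict:
    """Integrity checker: reports any change, but not what caused it."""
    report = {}
    for path in sorted(set(files) | set(baseline)):
        if path not in baseline:
            report[path] = "new"
        elif path not in files:
            report[path] = "missing"
        elif digest(files[path]) != baseline[path]:
            report[path] = "modified"
    return report

def triage(files: dict, baseline: dict) -> dict:
    """Layered view: changed files the scanner cannot name need manual review."""
    hits = scan(files)
    changes = integrity_check(files, baseline)
    return {path: hits.get(path, "review") for path in changes}

# Constructed sample state: four files at baseline time, then a later state.
CLEAN = {"EDIT.EXE": b"MZ editor v1", "CALC.EXE": b"MZ calc v1",
         "GAME.EXE": b"MZ game v1", "TOOL.EXE": b"MZ tool v1"}
LATER = {"EDIT.EXE": CLEAN["EDIT.EXE"] + SIGNATURES["Constructed.A"],  # known pattern
         "CALC.EXE": CLEAN["CALC.EXE"] + b"\x90\x90NOT-IN-DB",         # unknown change
         "GAME.EXE": b"MZ game v2",                                    # legitimate upgrade
         "TOOL.EXE": CLEAN["TOOL.EXE"]}                                # untouched

if __name__ == "__main__":
    print(triage(LATER, build_baseline(CLEAN)))
```

The scanner names only EDIT.EXE, while the integrity checker flags CALC.EXE and GAME.EXE identically, which is both the coverage gap and the ambiguity the two correspondents describe.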

SOURCE: echomail via exec-pc
