Re: Seek on-demand AV scanner to complement NAV

From: FromTheRafters (!0000_at_nomad.fake)
Date: 09/21/03


Date: Sun, 21 Sep 2003 16:50:36 -0400


"Martin C.E." <martin_2003@mail.com> wrote in message news:Xns93FDBD5965254835A@130.133.1.4...
> "FromTheRafters" <!0000@nomad.fake> wrote:
>
> >> PS - I had thought about F-PROT but I heard that it is not
> >> keeping its definitions as up to date as it should and has not
> >> been catching the latest WEN worm as quickly as it might have.
> >
> > Anybody getting caught by the day zero effect is doing something
> > else wrong. F-prot is still good, but you always must supplement
> > your on demand scanning with other safe practices.
>
> What is the day zero effect?

It is that critical span of vulnerability between the time a particular
malware is unleashed, and the time that detection criteria is added
to the anti-virus programs to try and protect you.

1) Malware is unleashed
2) Malware becomes noticed (pops up on the "radar" so to speak)
3) Malware is analyzed, and a suitable criteria formed for its detection.
4) The detection criteria is made available for those who actively seek it.
5) The detection criteria is added to the definition set to be downloaded.
6) You update your AV which implements the new definition.

Day zero can be week zero, month zero, maybe even never zero
if step 2 is not reached.