Re: question

From: Alun Jones [MSFT] (alunj_at_online.microsoft.com)
Date: 06/21/04

Date: Mon, 21 Jun 2004 09:04:09 -0700

"sgopus" <anonymous@discussions.microsoft.com> wrote in message
news:1f3ac01c45711$6d427930$a001280a@phx.gbl...
> Who wants to waste time reading the philosophy of life.
> It's clear someone has a virus, you got sent a virus.
> The whofores and whatnots don't matter, keep the AV
> software.

Oh, I don't know - there's something to be said for keeping an eye on the
antivirus companies. Any company that advertises based on "N viruses
scanned for and removed", you have to figure that perhaps a few dozen of
those are viruses you'll encounter in the wild, the remaining several
hundred are either functionally dead, or have been created in the lab for
the sole purpose of showing off, and then distributed only to the antivirus
companies. For any computer, unfortunately, it's impossible to accurately
predict which viruses you need to worry about - the important virus is
whichever one your antivirus didn't detect until after it made its way into
your system.

As for "there's never a virus but antivirus makes it so" (I'm paraphrasing
here with a little Shakespearian allusion), that's a dual concept - to most
users, yes, it's only possible to see a virus when the antivirus detects it,
but the virus is still there, steadily doing its work.

A neighbour's machine was operating very slowly, and files seemed to go
missing every so often. I investigated it, and found 11,663 copies of one
particular virus on it. No current antivirus software running. So yes, a
virus can exist even in the absence of an antivirus, and you can see its
effects even without an antivirus suite.

The duality comes with those "lab" viruses that are created solely to give
to the antivirus companies as demonstrations. Without the antivirus
companies, many viruses would not be written. That's not even remotely an
argument to cut out the antivirus companies, obviously, but it's worth
remarking on, just as it's worth noting that a good number of recent worms
have been created out of "proof of concept" postings to security newsgroups
and mailing lists. It doesn't suggest that those newsgroups and mailing
lists should be taken down, only that we should all be careful what we post
there, and how functional "proofs of concept" are.

> Next time, keep it short!

That's for sure.

Alun.
~~~~

-- 
Software Design Engineer, Internet Information Server (FTP)
This posting is provided "AS IS" with no warranties, and confers no rights.