Simon Avery wrote:
> Martijn wrote:
>
>> On topic: a lot of virus-scanning is (partly) based on heuristics. And
>> unfortunately it has to be, as the people who write viruses never tell
>> the anti-virus creators about the new viruses they have written,
>
> Depends how conspiratorial you're feeling.

I've not seen a virus detected by common antivirus software in a long time (except after I've sent the sample in).

Most of the systems don't do heuristic checks of any magnitude, where the personal firewall products do better with blocking outgoing network connections (from programs that aren't authorised).

Of course some of the antivirus vendors sell the personal firewalls as a package, but the biggest one of them has a POP3 proxy and SMTP proxy that I've seen lose email. As such I wouldn't want to run software from them, as it would likely reduce the reliability of my systems, which is the opposite of security.

What we should encourage are tools like AppArmor and SELinux, which will detect (and block) behaviour that is out of step with what should happen, without trying to get involved or make a big market out of the behaviour.

Virus detection by non-heuristic methods is almost pointless, since it presupposes you are running arbitrary code from 3rd parties - at which point it can't possibly know all the bad stuff.
--
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/linux_adm/list-faq.html