Kevin A. McGrail wrote:
> Finally, while I appreciate the security notice, I think we can all
> agree that virus scanning is only useful if you are running the
> latest engine and signatures regardless of the software used. So for
> the benefit of others using McAfee, the McAfee 4440 engine patched
> the LHA exploit Secunia found like Oct/Nov of last year.
I have heard people ask, "how many AV scanners should I run"?
Some say "one" - some say "as many as you can get".
The McAfee exploit leads me to say "two" - why?
The same question was asked of the aerospace industry, in different words -
"how many engines should we put on planes?"
The answer is "two".
Why?
There are two kinds of airplane engine failure:
Passive: the engine stops producing thrust
Active: the engine explodes
Similarly, there are two kinds of AV engine failure:
Passive: a virus is not detected (old definitions, say)
Active: a buffer overflow allows arbitrary code execution
Thankfully, active failures are much rarer than passive failures.
If you only have one engine, the two failures both have the same result -
system failure (crash, or infection.)
If you have two engines, you can be reasonably sure that the passive failures
in both engines will not coincide (although AV is a little different in this
scenario), so you greatly reduce the risk due to passive failures (assuming
independence, you multiply the two error rates). You double the risk of active
failures - but the net result is still a risk reduction, because active
failures are so rare.
If you add any more engines beyond two, you're not significantly reducing the
risk of passive failures... that's pretty low already with two (assuming the
engines are from different vendors) - but you ARE still increasing the risk of
an active failure.
Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902
Hispanic Business Inc./HireDiversity.com Software Engineer
perl -e"map{y/a-z/l-za-k/;print}shift" "Jjhi pcdiwtg Ptga wprztg,"
_______________________________________________
Visit http://www.mimedefang.org and http://www.canit.ca
MIMEDefang mailing list
[email protected]
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
