>> That is true enough, but if the virus can be stopped some of the time
before
>> it even reaches the end user, why not?
>Because there are costs in doing so.
True enough, but shouldn't the cost/benefit be calculated on a case by case
basis? I can see how in some cases it would be worth it, and in others it
would not be worth it.
>Generally if a person needs antivirus protection for a machine, they really
>need it for more than email that isn't encrypted. The right place to run it
>is on their machine, not on the central mail server. The issue with this is
>making sure they get handsoff updates of dat files.
I agree with this as well, but certainly you can see that there is some
level
of benefit from a two (or three) tier approach to virus
detection/prevention.
Once again, the cost benefit ratio would come to bear when deciding how many
levels of protection would be maintained.
>I also think that by using encryption and varient code to do bootstrap
>decryptionin viruses, it will make writing patterns that catch a virus
>without generating a lot of false positives much harder.
Agreed. That's why we pay the anti-virus folks so much money. :)
It seems to me that one of the major solutions to this problem would be real
OS level security on more machines (ie not windows). The big problem there
is cost, training, availability of software, politics, user acceptance, etc
etc ad nauseum.
If I were king... :)
