In <mid:15341266296.20021027233602@;theycallmesimon.co.uk>, Simon [S] wrote:

S> I don't think it is a question of, 'are they supposed to?', but
S> rather, 'can they?'. And of course Kaspersky can, so to me it
S> simply means Kaspersky is providing more prophylactic power
S> than AVG.

For stopping harmless test files? I don't know how popular those test
files are apart from eicar.com which is well known (note that eicar is
picked up by most scanners). An A-V scanner that stops and weeds out
files just based on their file type isn't really a scanner. Why spend
all those resources on updating definitions? It's much simpler to just
input the file types to scan for and bring up a loud alert when one
comes in. This is what this website seems to be saying.

This has already been implemented in TB! through its inbuilt filetype
restrictions. That's a nice simple way of implementing what you're
referring to. TB! also doesn't run HTML based scripts and Active X
controls. As a TB! user, you don't actually need the scanner to pass
that test. :)

S> If the software safeguards against viruses and known exploits
S> then I'm pretty happy about that.

That's all an A-V Scanner should do. Not weed out files merely based
on file type. Warnings should be issued by your e-mail client. Of
course, Outlook is a different beast and it would seem that it does
need something to prevent these filetypes being downloaded to it at
all. But which application is lacking here? Is it the A-V Software or
is it Outlook?

ACM>> It could just mean that your virus scanner doesn't simply
ACM>> consider any file with a .vbs extension a virus.

S> :-/ Sorry, but I think you kind of miss the point really Allie.
S> Being as we are considering email file attachments; how do most
S> infections occur? Unprotected email users! I think it is a
S> prudent safeguard to treat any file with a vbs extension, or a
S> double extension ending in .vbs, being delivered by email, as
S> suspicious, and the fact that an AV scanner like Kaspersky does is
S> all the better for the end user IMO. Put it this way, I'd rather
S> be notified than not!

ACM>> The statement above just seems ridiculous to me

S> Well of course, they are trying to sell you their product after
S> all, so what do you expect? <g>

You agree with me here which is the very essence of the point I was
making that you responded to by saying that I missed the point. What's
the point of making an issue about .vbs filetypes, declaring your
machine vulnerable to a .vbs test file when it's just as vulnerable to
.exe, .cmd and .com files? If you can run those from the desktop, no
problem, it would appear. However, if you can run a .vbs file from the
desktop, then you're vulnerable to attack. Yeah,.. right!

I'd say that they have missed the point that it's the user that has to
be very careful about any of these files. Software cannot replace this
necessary ingredient without crippling the system. They're trying all
sorts of things and are slowly falling back to crippling the system or
shooting wide ... just catch any suspicious filetype. Of course the
user expecting the file shouts an angry foul and loses faith in his
scanner. It's getting in the darned way. After a while he switches it
off. Uh-oh .... not good.

S> *Although*, from my own experience in virus detection, Kaspersky
S> has always detected virii that AVG, AntVir, Norton, and McAfee
S> have not, so my own confidence in the product is high, and
S> therefore I personally see no reason to have the two plugins
S> running successively.

Ok.

ACM>> Perhaps a vulnerability for Outlook users but not for you. ;)

S> True enough. But:

ACM>> ...if you store your attachments with the message. If you don't then
ACM>> the file is already stored on the disk) ...

S> That means it's a vulnerability of course.

Your real-time scanner will prevent you from running it. If your A-V
Scanner doesn't pick it up with the real-time scanner, it will not
pick it up any other way, including through e-mail scanning.

S> And I agree that TB! users should have protection in place to
S> scan attachment folders, but not everyone will have.

Why not? Navigate to it and scan it.

S> This means that the virus has for all intents and purposes passed
S> through any defenses without detection.

It's yet to be opened and then caught by the realtime scanner. It's yet
to be caught by the system wide scans that you may perform on a daily
basis.

-- 
Allie C Martin     \      TB! v1.62/Beta7 & WinXP Pro (SP1)
 List Moderator    /   PGP Key - http://pub-key.ac-martin.com
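
The file-type restriction debated in this message, sketched as an added example (not part of the original post and not The Bat!'s own code): a mail-side policy check that flags attachments by extension, including the "double extension ending in .vbs" case, independently of any signature scan. The extension list is taken from the types named in the thread; the function names and the sample message are constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Extensions named in the thread; a real deployment would maintain its own list.
RISKY = {".vbs", ".exe", ".cmd", ".com"}

def classify(filename):
    """Return a reason string if the attachment name is suspicious, else None."""
    # Windows ignores trailing dots and spaces, so strip them before checking.
    name = filename.strip().rstrip(". ").lower()
    parts = name.split(".")
    if len(parts) < 2:
        return None
    ext = "." + parts[-1]
    if ext not in RISKY:
        return None
    # "holiday.jpg.vbs": a harmless-looking inner extension hides the real one.
    if len(parts) >= 3 and parts[-2]:
        return f"double extension ending in {ext}"
    return f"executable type {ext}"

def flag_attachments(raw):
    """Parse a raw RFC 5322 message and list (filename, reason) for risky parts."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        filename = part.get_filename()
        reason = classify(filename) if filename else None
        if reason:
            findings.append((filename, reason))
    return findings

def build_sample():
    """Constructed test message with harmless placeholder attachments."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "constructed sample"
    msg.set_content("see attached")
    for name in ("notes.txt", "holiday.jpg.vbs", "setup.EXE", "report.v1.pdf"):
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    for filename, reason in flag_attachments(build_sample()):
        print(f"WARN {filename}: {reason}")
```

The check looks only at the declared filename, so it is a warning policy for the mail client or gateway; content-based detection remains the scanner's job.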

