Main reason for Symantec/McAfee packages: 'Ready installed' PCs usually get shipped with packages from 'Major' marketing organisations so users do not have to go find one.

These 'Major' supplier packages are usually very good at detecting and addressing malware that uses both old and new attack modes.

Real-time scanning should deal with files that have been introduced to the computer via emails, downloads, attachments, USB-connected devices and CDs that are supplied as containing data - such as macros within Word and buffer exploits in image processors. Even those acquired since your last scan.

With large systems - 200Gb storage etc. - it can take a long time to scan the entire set of data files, and how often do you have to do a scan to be sure of catching all malware that could be introduced via all the possible sources and access paths to your system?

On my main system I get entire 250Gb drives of data and programs inserted for data manipulation and/or backup. Real-time scanning gives more security than full volume scans without the overhead of having to scan each volume (drive) as they get incorporated into the system's storage.

I do full volume scans on drives from 'suspect' systems when appropriate, and recently found a collection of malware on a drive from a system that did not have a modem or LAN connection. The malware had been introduced via USB device, and some passed over (homework cribbing?) MSWord files.

Not running as Administrator will not protect your system from all malware - there is 'stuff' out there that acquires Admin authority for itself. Using a virtual environment may, but I'm not sure about that either (information, anybody?).

Also - how you gonna use an online scanner without booting your system to your possibly 'got-at' version of the OS??

Scanning stuff as you download it will not catch the malware that re-builds the code from a data buffer that has been 'encrypted' using a process that is not a part of the standard compression applications' routines. Nor will it catch the stuff you didn't realise you were downloading.

Want a fix for that new codec? Did you check that there was no extra code in the download?

Indeed, I wrote some code that used a supplied key to determine which bytes needed changing to remove the 'not till you pay' execution stopper. The codes were used as offsets/register values for indirect/offset addressing to process selected code - the principle being: can you find the fixit code portions wherever they had been individually placed in the main program code, control values, data and buffer areas?

You pay.
You get a code that applies to your system today.
You enter the code.
The application uses the code entered to 'fix the version of itself in memory' so it works, but just for the current day!

Much harder to bypass than a simple prohibition routine.
Want to use the process again - restart at 'You pay'.

JimB

----- Original Message -----
From: "Bernie Cosell" <[EMAIL PROTECTED]>

> Seems excessive to me: you can do a manual scan on executables when/if you download them, and there's hardly a need to scan anything else [and of course, if you're not running as administrator the malware can't do *too* much damage-- so about the only thing you really need to scan are executables you're about to run as admin [which, basically, means "install files", and I barely install a new program once-a-month, and so, again, real-time scanning everything seems excessive].
>
> [and indeed, if you're scanning manually, you can use one [or more] of the free online-scan services and get up-to-the-second scanning, without having to worry about updates or paying anyone for them]. So I continue to be skeptical about the real worth of paying [yet more] money into Symantec's or McAfee's coffers...
>
> /Bernie\
> --
> Bernie Cosell                     Fantasy Farm Fibers
> mailto:[EMAIL PROTECTED]          Pearisburg, VA
