
[Full-Disclosure] Re: Hi! Antiviruses Comparison - A Little Research Results



Hello,

>> Only Finnish F-Secure and American CA have Windows/Linux AV
>>products with multiple independent virus scanning engines.
>
>Not exactly. At least Chinese iduba.net from Kingsoft
>uses 2 kernels. As far as I know Russian Dr.Web works
>on engine to work with multiple antiviral kernels of
>different vendors.

There is a big difference between using multiple "scan engines" and 
being able to integrate several AV software under one hood or GUI by 
passing them relatively high level calls.

The latter gives poor performance, kinda Amavis-like or similar to a
snail in reverse gear.

Only the engine-level (.DLL based) approach can be used for on-access 
protection, which is mainly a Windows requirement. Even this has a
performance penalty, but it is usable (especially on the corporate 
desktops, where users simply cannot disable that annoying realtime 
protection).

Writing multiple engine AV software can be a tricky task, I guess. For 
example there is no standard virus naming across different AV 
developers, yet the user interface must display relatively coherent info 
for the poor PC owner when a virus is found.

MS says Windows 2003.NET Server OS now supports running any two 
different AV software on the same machine, without interference of real-
time protection modules or other function. This could allegedly alleviate 
the need to develop multiple-engined AV software. The feature 
reportedly works in 95% of all cases, but that unlucky 5% could still be 
a lot of people.

I think Linux people should agree on a single disk access monitoring
module standard (dazuko or other) so that Linux AV can easily watch 
absolutely any disk access in the system, not just Samba or Squid. 
Soon, LinuxAV will be just as indispensable as Windows AV already is.

Sincerely: Tamas Feher.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html