Re: [FD] AV scan on read vs write debate....
- To: Reindl Harald <h.reindl@xxxxxxxxxxxxx>, "fulldisclosure@xxxxxxxxxxxx" <fulldisclosure@xxxxxxxxxxxx>
- Subject: Re: [FD] AV scan on read vs write debate....
- From: Victor Aguilar <Victor.Aguilar@xxxxxxxxxx>
- Date: Thu, 3 Jul 2014 14:40:17 +0000
Reindl Harald <h.reindl@xxxxxxxxxxxxx> wrote:
On 01.07.2014 20:26, Joe Brown wrote:
> A compromise might be to have scan on Write only, with a forced full system
> scan of all files at a certain time.
> For example at lunch time.
bad idea
> 1. You don't have an all the time performance hit
if I scan my full system it takes 8 hours
> 2. Files will be checked on a daily/weekly basis
daily is not doable -> see above
weekly is not enough
typically AV signatures are a few hours behind new malware, so it
helps at least if you download something now and don't open the
payload directly after download, maybe in a ZIP only specific
files are affected
the same applies for ZIPs you got per email from a person you know
who has an infected machine; while receiving the
mail your signatures may not be recent enough, in the time
between receiving and opening the files you may get updates
> Negatives are that these files may sit on the device while waiting for the
> next scheduled scan.
>
> On Mon, Jun 30, 2014 at 2:45 AM, Yoann Gini <yoann.gini@xxxxxxxxx
> <mailto:yoann.gini@xxxxxxxxx>> wrote:
>
>
> On 30 June 2014 at 01:48, Reindl Harald <h.reindl@xxxxxxxxxxxxx
> <mailto:h.reindl@xxxxxxxxxxxxx>> wrote:
>
> > but if you talk with Apple "the OS is secure" priests
> > forget it, they are learning-resistant
>
> This is not true anymore. Any Apple representative won't tell you that
> nowadays. Even more, Apple has a small
> antivirus built into the system. But signature-based, focused on major
> OS X threats. No heuristics, no
> detection of Windows malware.
>
> On 30 June 2014 at 01:38, Exibar <exibar@xxxxxxxxxxx
> <mailto:exibar@xxxxxxxxxxx>> wrote:
>
> > they claim they have a huge performance
> > improvement with scan on read turned off...
>
>
> This is also true. Sadly. I work only on Apple products (and I use
> antivirus), I have never seen a good product that
> doesn’t slow down the computer as shit.
>
> From a sys admin perspective, Antivirus editors don’t take the Mac
> seriously, their products are slow and
> sometimes published with too many bugs inside. That doesn’t help Mac users to
> have any trust in it…
_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/