Full Disclosure mailing list archives

Re: AV scan on read vs write debate....


From: Reindl Harald <h.reindl () thelounge net>
Date: Tue, 01 Jul 2014 21:08:06 +0200



On 01.07.2014 20:26, Joe Brown wrote:
> A compromise might be to have scan on Write only, with a forced full system scan of all files at a certain time.
> For example at lunch time.

bad idea

> 1. You don't have an all-the-time performance hit

if I scan my full system it takes 8 hours

> 2. Files will be checked on a daily/weekly basis

daily is not doable -> see above
weekly is not enough

typically AV signatures are a few hours behind new malware, so it
helps at least if you download something now and don't open the
payload directly after download; maybe in a ZIP only specific
files are affected

the same applies to ZIPs you got by email from a person you know
whose machine is infected: while receiving the mail your
signatures may not be recent enough, and in the time between
receiving and opening the files you may get updates

> Negatives are that these files may sit on the device while waiting for the next scheduled scan.


On Mon, Jun 30, 2014 at 2:45 AM, Yoann Gini <yoann.gini () gmail com <mailto:yoann.gini () gmail com>> wrote:


    On 30 June 2014 at 01:48, Reindl Harald <h.reindl () thelounge net <mailto:h.reindl () thelounge net>> wrote:

    > but if you talk with Apple "the OS is secure" priests
    > forget it, they are learning-resistant

    This is not true anymore. Any Apple representative won't tell you that nowadays. Even more, Apple has a small
    antivirus built into the system. But it is signature-based, focused on major OS X threats. No heuristics, no
    detection of Windows malware.

    On 30 June 2014 at 01:38, Exibar <exibar () thelair com <mailto:exibar () thelair com>> wrote:

    > they claim they have a huge performance
    > improvement with scan on read turned off...


    This is also true. Sadly. I work only on Apple products (and I use antivirus); I have never seen a good product that
    doesn't slow down the computer like shit.

    From a sysadmin perspective, antivirus vendors don't take the Mac seriously; their products are slow and
    sometimes published with too many bugs inside. That doesn't help Mac users have any trust in them…

Attachment: signature.asc
Description: OpenPGP digital signature


_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
