Full Disclosure mailing list archives
Re: AV scan on read vs write debate....
From: Reindl Harald <h.reindl () thelounge net>
Date: Tue, 01 Jul 2014 21:08:06 +0200
On 01.07.2014 20:26, Joe Brown wrote:
> A compromise might be to have scan on Write only, with a forced full system scan of all files at a certain time. For example at lunch time.

bad idea

> 1. You don't have an all the time performance hit

if I scan my full system it takes 8 hours

> 2. Files will be checked on a daily/weekly basis

daily is not doable -> see above
weekly is not enough

typically AV signatures are a few hours behind new malware, so it helps at least if you download something now and don't open the payload directly after download; maybe in a ZIP only specific files are affected

the same applies for ZIPs you got per email from a person you know who has an infected machine: while receiving the mail your signatures may not be recent enough; in the time between receiving and opening the files you may get updates

> Negatives are that these files may sit on the device while waiting for the next scheduled scan.
>
> On Mon, Jun 30, 2014 at 2:45 AM, Yoann Gini <yoann.gini () gmail com> wrote:
>
>> On 30 June 2014 at 01:48, Reindl Harald <h.reindl () thelounge net> wrote:
>>
>>> but if you are talking with Apple "the OS is secure" priests
>>> forget it, they are learning resistant
>>
>> This is not true anymore. Any Apple representative won't tell you that nowadays. Even more, Apple has a small antivirus built into the system. But signature-based, focused on major OS X threats. No heuristics, no detection of Windows malware.
>>
>> On 30 June 2014 at 01:38, Exibar <exibar () thelair com> wrote:
>>
>>> they claim they have a huge performance
>>> improvement with scan on read turned off...
>>
>> This is also true. Sadly. I work only on Apple products (and I use antivirus), I have never seen a good product that doesn't slow down the computer as shit. From a sys admin perspective, Antivirus editors don't take the Mac seriously, their products are slow and sometimes published with too many bugs inside. That doesn't help Mac users to have any trust in it…
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/