RE: Oops: McAfee Update Exterminates Excel

[Drsolly <drsollyp () drsolly com>]

On Tue, 14 Mar 2006, Larry Seltzer wrote:

> > > Obviously McAfee does Quality Control only using the command line scanner.
> And that was the problem here ... 
>
> I talk about this in my column yesterday. I presume in that column that it
> would be difficult to test an on-access scanner on a full Windows
> installation, but now that I think about it again couldn't you just traverse
> the system using touch or something like that? 
 
Not touch - you need to open the files; maybe you need to read them. It 
depends on how the on-access scanner works.

It's easy to do.

You have a server with a humungous amount of clean files on it (we used to 
use the Data Recovery server as one source). You run your on access 
scanner, and then you copy all the files on that server, to another 
server.

If that takes a long time, you can parallelise it by using multiple 
servers.

If you detect just one false positive on that clean test, you reject the 
product and send it back to the programmers.

Quality Control is one of the key issues in making an antivirus with 
monthly upgrades - we used to put a lot of manpower onto it. If you send 
out an update to several million people that screws up 5% of the 
computers, you're in deadly deep doo-doo.

I can't imagine how you do this job for daily updates, let alone hourly.

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.