funsec mailing list archives

RE: Oops: McAfee Update Exterminates Excel


From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Wed, 15 Mar 2006 07:15:41 +1300

Larry Seltzer wrote:

I talked about this in my column yesterday. I presume in that column that it
would be difficult to test an on-access scanner on a full Windows
installation, but now that I think about it again, couldn't you just traverse
the system using touch or something like that?

When I was at Virus Bulletin, "something like that" was the way we 
tested the overhead of on-access scanners.  We had a little utility 
that simply traversed the whole directory tree opening then closing 
each file it found.  Run multiple times over a decent-sized directory 
of known clean (and varying-sized) .EXEs (and later various OLE2 format 
files too -- presumably they may have also added a few script and HTML 
files since I left and these became a larger part of the extant threat) 
with the first (disk-cache "priming") run ignored and with the
on-access scanner in various states, some rather interesting results
were revealed.


Regards,

Nick FitzGerald

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
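
The measurement described in the reply above, as an added example (not part of the original post and not Virus Bulletin's utility): walk a directory tree, open and close every file, repeat several times, and discard the first run as disk-cache priming. The function names, the run count and the constructed sample corpus are assumptions made for illustration.

```python
import os
import statistics
import tempfile
import time

def touch_tree(root):
    """Open and immediately close every file under root; no data is read."""
    opened = failed = 0
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                # The open itself is what an on-access scanner intercepts.
                with open(path, "rb"):
                    opened += 1
            except OSError:
                # Locked, access denied or blocked by the scanner: count it.
                failed += 1
    return opened, failed

def measure(root, runs=5):
    """Time `runs` traversals and discard the first (cache-priming) one."""
    if runs < 2:
        raise ValueError("need at least 2 runs: the first is discarded")
    timings = []
    counts = (0, 0)
    for _ in range(runs):
        start = time.perf_counter()
        counts = touch_tree(root)
        timings.append(time.perf_counter() - start)
    kept = timings[1:]
    return {"opened": counts[0], "failed": counts[1],
            "kept_runs": len(kept), "median_s": statistics.median(kept)}

def build_sample_tree(root, sizes=(0, 512, 4096, 65536)):
    """Constructed sample corpus: files of varying size in two directories."""
    for sub in ("a", os.path.join("a", "b")):
        os.makedirs(os.path.join(root, sub), exist_ok=True)
        for size in sizes:
            with open(os.path.join(root, sub, f"f{size}.bin"), "wb") as fh:
                fh.write(b"\0" * size)
    return 2 * len(sizes)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(measure(tmp))
```

Run `measure()` over the same known-clean corpus with the on-access scanner in each state under test and compare the medians; a rising `failed` count means the scanner or file locking is denying opens, which skews the timing.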

