Nearly Handheld Anti-virus Protection
from the yawn-but-I-guess-it�s-sort-of-important dept
Mcafee will soon start shipping its own version of a handheld virus protection program(so they say), amusingly enough it isn�t even really for handhelds it�s for the node connection points between a computer (or network) and a handheld. Call me when we get real handheld anti-virus programs, Ha!
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Reader Comments
Subscribe: RSS
View by: Time | Thread
Stupid
[ link to this | view in thread ]
Re: Stupid
Granted, virus companies (McAfee included) always jump at any chance to get mentioned in the press...it's good publicity! So of course, whenever there's a big outbreak, McAfee and Norton and all the others immediately send out press releases and release special emergency DAT upgrades. These 'extra DATs' as we call them at McAfee are released whether or not our current DATs already have the virus's signature. This is because when people grab the extra DAT, they come to our website, and while they're on our website in a paranoid mood they're very likely to buy other software.
The fact is, most viruses are reported to AVERT Labs (NAI's virus research laboratory) long before they actually make it into the wild. This gives AVERT time to create a virus signature and toss it over to the McAfee guys who silently throw all the new signatures into the weekly DAT releases. If you're running VirusScan with the latest DATs, chances are you're nearly invincible. Even better, if you're running ActiveShield from McAfee.com, you'll always be using the latest DATs because it automatically upgrades itself.
Here's another secret for you, though: All antivirus programs suck. Some just suck less than others. McAfee's VirusScan engine sucks less than the competition. That's the only reason anyone should use it. The last actual good virus scanner on the market was F-Prot, and I don't know what's happened to them.
[ link to this | view in thread ]
Why a 'real' handheld antivirus program will never
So...why can't we have a virus protection program that actually runs on the PDA? Because virus protection programs require huge DAT files full of known virus signatures in order to be effective. These DAT files are way too huge to fit in the meager 4 or 8 megs of RAM on your PDA. Thus, a PDA-based virus scanner would be completely ineffective. Without DAT files, virus scanners are worthless.
[ link to this | view in thread ]
Really?
I tend to agree that most virus progams tend to suck and are pretty big but I was wondering if you guys are doing any research into modeling anti-virus programs on the human immune system?
I read about a while ago but seems to have disappeared since then, I have a feeling that these programs would be less huge than current antivirus programs (maybe even small enough for PDA's) and of course much more flexible (just in case people start making viruses for handhelds).
[ link to this | view in thread ]
Re: Really?
Then again, I work for McAfee.com, which is a separate company from NAI. NAI owns the McAfee brand, although NAI does not own McAfee.com (despite the fact that, for some odd reason, my paychecks come from NAI). It's all terribly confusing. Anyway, if you go to McAfee.com you'll see the stuff I work on...it's basically web-based versions of all the NAI apps. We take their code, modify it to work as an online app, and sell it to customers on a yearly subscription basis. So all I do really is web work...the actual R&D and VirusScan engine hacking goes on in NAI's offices in Santa Clara.
The only problem I can see with a virus program that works like the human immune system is that when the immune system encounters a new virus, you've already been infected by the time antibodies are produced. So let's say you're running McAfee ImmunoProt 5.0, and someone emails you a VBScript virus. Since McAfee ImmunoProt doesn't use DAT files, it can't just scan everything looking for malicious code...it has to sit there and wait for malicious code to actually do something malicious. Then, once bad stuff starts happening, ImmunoProt says "Aha! I bet this is a virus!" and halts the code execution. But then you're stuck. Once again, since there are no DAT files with virus signatures or information, ImmunoProt doesn't know how to clean the virus from the infected files. Your only option is to delete anything that's been infected. No fun.
I'll have to think about this some more. There are various ways to write a virus scanner without using DAT files (anyone remember Microsoft's old DOS-based scanner?), but none of them are as good (yet) as DAT-based scanning. It sure would be nice not to have to keep downloading a huge update every week!
[ link to this | view in thread ]
hmm...
[ link to this | view in thread ]
Re: hmm...
[ link to this | view in thread ]
Re: hmm...
[ link to this | view in thread ]
[ link to this | view in thread ]