Path: utzoo!attcan!utgpu!jarvis.csri.toronto.edu!mailrus!shadooby!samsung!usc!sdsu!polyslo!vlsi3b15!vax1.cc.lehigh.edu!sei.cmu.edu!krvw
From: portal!cup.portal.com!cpreston@Sun.COM
Newsgroups: comp.virus
Subject: Virus scanners
Message-ID: <0009.8910271112.AA11335@ge.sei.cmu.edu>
Date: 27 Oct 89 01:58:33 GMT
Sender: Virus Discussion List
Lines: 36
Approved: krvw@sei.cmu.edu

In VIRUS-L #222 David Gursky wrote concerning an earlier posting that
"a strategy that relied solely on a scanner application would not be a
strong defense against electronic vandalism." This is because "you
must remember to periodically scan the disk."

I believe Mr. Gursky is quite correct about not relying solely on a
scanning program. While I was mainly relying on the technical
sophistication of VIRUS-L readers to know that, I did mention
qualifiers such as "very useful part of an anti-virus program."

Actually, there are programs for the Macintosh (SAM, Virex) that can
be set to check each floppy disk each time it is inserted. Or a
"log-on" or "log-off" batch file could be used for other machines to
run the scanning program against all the hard disk files.

Even if that were done, it would still not be adequate protection
against viruses, even on microcomputers, since it can be effective
only against known viruses.

My point about "How good are scanning programs" is mainly that if the
program uses well-chosen search strings it can be more effective than
I, at least, initially expected. Several scanning programs for the
Macintosh relied only on resource names (resources include program
code on the Mac). These resource names, such as nVIR, are very easily
and quickly changed to hPat or anything else, completely defeating the
scanning program.

I always urge clients to use additional detection and prevention, and
am somewhat frustrated that some of them feel that scanning programs
will protect them.

Charles M. Preston                       MCI Mail  214-1369
Information Integrity                    BIX  cpreston
Box 240027                               907-344-5164
Anchorage, AK  99524
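
The contrast the post draws between matching on resource names and matching on search strings, as an added example that is not part of the original post or taken from any scanner it names. The resource records, the search string bytes and the label "sample-A" are constructed for illustration; only the names nVIR and hPat come from the post.

```python
# Added illustration. Resource contents and the search string are constructed;
# they are not taken from any real virus or scanning program.
from typing import NamedTuple

class Resource(NamedTuple):
    rtype: str    # four-character resource name, e.g. "CODE"
    rid: int
    data: bytes

KNOWN_NAMES = {"nVIR"}                                       # name given in the post
KNOWN_STRINGS = {"sample-A": bytes.fromhex("4e56c0de1989")}  # constructed bytes

def scan_by_name(resources):
    """Flag resources whose name is on the known list (the weak check)."""
    return [(r.rtype, r.rid) for r in resources if r.rtype in KNOWN_NAMES]

def scan_by_string(resources):
    """Flag resources whose contents contain a known search string."""
    hits = []
    for r in resources:
        for label, sig in KNOWN_STRINGS.items():
            if sig in r.data:
                hits.append((r.rtype, r.rid, label))
    return hits

def relabel(resources, old, new):
    """Model the change the post describes: same bytes under a new name."""
    return [r._replace(rtype=new) if r.rtype == old else r for r in resources]

BODY = b"\x00\x01" + KNOWN_STRINGS["sample-A"] + b"\xff\xfe"    # constructed
INFECTED = [Resource("CODE", 0, b"\x4e\x75application"), Resource("nVIR", 1, BODY)]
RELABELLED = relabel(INFECTED, "nVIR", "hPat")
# Code for which the scanner has neither a name nor a search string.
UNKNOWN = [Resource("CODE", 0, b"\x4e\x75application"),
           Resource("xxxx", 1, b"\x10\x20new-code")]

def report():
    """Return {case: (name_match, string_match)} for the three sample files."""
    cases = (("original", INFECTED), ("relabelled", RELABELLED), ("unknown", UNKNOWN))
    return {label: (bool(scan_by_name(res)), bool(scan_by_string(res)))
            for label, res in cases}

if __name__ == "__main__":
    for label, (by_name, by_string) in report().items():
        print(f"{label:11} name-match={by_name!s:5} string-match={by_string}")
```

The "unknown" case is the limit the post states for any scanner: neither check reports code it has no entry for, which is why additional detection and prevention are still needed.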