Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!think.com!zaphod.mps.ohio-state.edu!unix.cis.pitt.edu!dsinc!netnews.upenn.edu!vax1.cc.lehigh.edu!cert.sei.cmu.edu!krvw
From: microsoft!c-rossgr@uunet.uu.net
Newsgroups: comp.virus
Subject: re: The Shape of the World (PC)
Message-ID: <0008.9105201353.AA06044@ubu.cert.sei.cmu.edu>
Date: 17 May 91 18:51:04 GMT
Sender: Virus Discussion List
Lines: 58
Approved: krvw@sei.cmu.edu

>From: padgett%tccslr.dnet@mmc.com (A. Padgett Peterson)

>.... part of the education we have failed to provide is what the
>risks really are. My opinion is that a good regimen (screening &
>briefings) plus an integrity routine that will detect anomalies is
>what the general population needs.

With all due respect, everybody has always been taught that if an ounce of prevention is worth a pound of cure, then two ounces of prevention must be even better.

If my code merely did integrity checks, instead of doing integrity checks *and* known signature scanning, I'd lose out to somebody who offers both. That's because *their* marketing people have a single mission in life (as do *my* marketing people): to sell as much code as possible.

I've probably hobbled the marketing guys at Microcom (who are quite good, btw, and I recommend the group I deal with to anyone with other types of code) by requiring them to be completely honest in their claims. That honesty is costing marketshare, I bet.

>For large corporations, the cost of a site license can be lost in the
>noise compared to the cost of trying to administer several thousand
>updates (5000 PCs x 10 minutes per update x 4 times per year = 1 2/3
>man-years not to mention the distribution nightmare). Much easier to
>take a one-time installation hit plus automatic installation at the
>warehouse as part of the distribution process.

I agree...to a point. I would think that updating 5000 PC's for a new scanner that differs from the previous one in a bunch of new viral strings for a bunch of "research only" viruses is a waste of time.

In the case of my last update, though, some problem areas were worked on, the code was made faster and more reliable, networking is better, etc. Yet, in this climate, if I had merely released code with those enhancements (the ones that I really care about) and not upped the virus count from about 350 to about 420, people would not have downloaded the code: they seem to have seen the "two ounces" mentioned above as more important than the enhancements.

I can't simply say "Yo! *NOBODY* gets the Whale Virus, so why do you care?"

>>And the marketing dudes I work with closely at Microcom tell me what
>>we can lose a site license because of and where our strong points are:

>So be the first to offer BIOS level checking & authenticated paths as
>part of the boot process.

We do that through the DOS level now, but you raise a good point. I'll incorporate that into the next cut of the code, given time.

>Today, the sheer diversity of anti-viral products demonstrates that,
>as in pointing devices and user interfaces, the One True Answer has
>yet to be found.

Unle$$, of cour$e, you buy my code.

Ross