This doesn't really consider "downstream liability", passing the unscanned
file to others who may not be A/V protected. Your real-time scanner didn't
scan the file, you have not opened the file for scanning to occur, and it
sits on your system for whatever reason, unscanned. Yes, your customer,
friend or business associate may have chosen to rely on gateway scanning
only or not to protect themselves from the threat of viruses due to
complacency or ignorance. Do you want to be the vector of infection? How
does that look for your own and your company's reputation? Have you
practiced due diligence?

There is a definite and increasing threat from malware. It has been so for
many years, and will likely continue to be so for many more. It is not the
only threat, but it is credible and prolific. I would recommend that this
is probably not the time to reduce your efforts to protect your assets, or
the assets of your friends, colleagues and business associates. Accept that
scanning will introduce some short term pain, schedule your pain for a
"convenient" time, but accept the pain. The alternative is SO much more
painful.

I perform a light scan on my home system daily, do a weekly full scan with
full heuristics, and have real-time scanning enabled. I investigate every
instance of a possible infection reported by the heuristics engine and tweak
it accordingly. My scanner meshes with my email client to scan in and
outbound email. It also integrates with my personal firewall and IDS system
to report any unauthorized SMTP enabled applications that may attempt to
send email, or forward something nasty to me. It isn't fort knox, but it
provides a level of security in-depth that makes me reasonably comfortable.
In the coming months, I will be adding further levels of security to my home
network, replacing out of date firewall devices and adding further reporting
mechanisms. Not just because I enjoy tinkering, and desire to learn more
and more about security, but also because there is a clear and present
danger on the wire. My online information, although generally not
"personal", is important and valuable to me, even if it is of little use to
others.

Mark

-----Original Message-----
From: Robert Sandilands [mailto:rsandilands (at) authentium (dot) com [email concealed]]
Sent: Thursday, December 29, 2005 12:14 PM
To: focus-virus (at) securityfocus (dot) com [email concealed]
Subject: Re: Do we still need scheduled scan?

Hi Cathy,

Real-time scanners should catch all malware that can directly affect
you. But it may decide not to scan that 500 MB zip file for performance
reasons. That file may contain a virus and a scheduled scan will detect
that. But there is no direct way you can be affected by that virus
without extracting the file, at which time the real-time scanner will
protect you.

Robert Sandilands

Sewell, Cathy wrote:

>>From discussions with the anti-virus vendors during various crises over
the years, I've learned that the real-time scans are optimized for speed,
while the scheduled scans are focused on thoroughness. This means,
disturbingly, that malware can elude the real-time scan, yet be caught by
the more-thorough scheduled scan. Hence the anti-virus vendors continued
recommendations to run weekly scheduled local scans on all computers.
>
>- CSewell
>
>-----Original Message-----
>From: Doug Fox [mailto:dfox168 (at) hotmail (dot) com [email concealed]]
>Sent: Wednesday, December 28, 2005 2:28 PM
>To: focus-virus (at) securityfocus (dot) com [email concealed]
>Subject: Do we still need scheduled scan?
>
>If we have already implemented virus scan at the gateway, on the mail
>server, on individual servers, and real time scan on workstations/laptops,
>do we still need scheduled, e.g., weekly, scan on workstations and laptops
>as well as servers?
>
>Schdeuled scans really slow down some machines.
>
>Any comments are appreciated.
>
>Thanks,
>
>Doug
>
>
>

--
---------------------------------------------------------------------
Robert Sandilands: Software Engineer
Disclaimer: http://robert.rsa3.com/disclaimer.html
Authentium: Home of Command Software
www.authentium.com

[ reply ]