From: FromTheRafters on
"ghelf" <ghelf(a)sbcglobalDeathToSpam.net> wrote in message
news:6NqdnSBDIbDVYvTWnZ2dnUVZ_oWdnZ2d(a)giganews.com...
>
> "FromTheRafters" <erratic(a)nomail.afraid.org> wrote in message
> news:hkbnlo$t9q$1(a)news.eternal-september.org...
>> "ghelf" <ghelf(a)sbcglobalDeathToSpam.net> wrote in message
>> news:V_CdnVef2KEyYvXWnZ2dnUVZ_uqdnZ2d(a)giganews.com...
>>> When a full scan is done on a computer, are all files of all types
>>> looked at for infection or only files that have changed since the
>>> last scan?
>>
>> Which AV program?
>>
> Well, I'm using McAfee but wouldn't most AV programs operate the same
> way?

Some do, some don't. Some use it for a quick scan but all files (full
scan) still means all files.

> I thought the big difference between AV products was the size of their
> signature library and suspicious behavior algorithms.

The size of their library is a poor metric, and all algorithms have
their downside.

Most important these days is the response time and support channels.


From: ghelf on

"FromTheRafters" <erratic(a)nomail.afraid.org> wrote in message
news:hkbnlo$t9q$1(a)news.eternal-september.org...
> "ghelf" <ghelf(a)sbcglobalDeathToSpam.net> wrote in message
> news:V_CdnVef2KEyYvXWnZ2dnUVZ_uqdnZ2d(a)giganews.com...
>> When a full scan is done on a computer, are all files of all types looked
>> at for infection or only files that have changed since the last scan?
>
> Which AV program?
>
I ask this question because I'm curious if I could cut down on how long it
takes to do a full scan of my system. Is 90 minutes pretty typical for a 3
year old computer? Why is it necessary to rescan files that have not changed
since the last scan? Is it necessary to scan text files or are all file
types infectable? I know people will just tell me to do my scans at night
but I am curious as to why it takes so long.

Also if anybody can recommend a good book (novice level) that can explain
what viruses can & can't do. I used to have a good understanding of this
stuff but now it sounds like there is nothing a virus can't do.

From: FromTheRafters on
"ghelf" <ghelf(a)sbcglobalDeathToSpam.net> wrote in message
news:l5WdnZ2EbO8F1_fWnZ2dnUVZ_vydnZ2d(a)giganews.com...
>
> "FromTheRafters" <erratic(a)nomail.afraid.org> wrote in message
> news:hkbnlo$t9q$1(a)news.eternal-september.org...
>> "ghelf" <ghelf(a)sbcglobalDeathToSpam.net> wrote in message
>> news:V_CdnVef2KEyYvXWnZ2dnUVZ_uqdnZ2d(a)giganews.com...
>>> When a full scan is done on a computer, are all files of all types
>>> looked at for infection or only files that have changed since the
>>> last scan?
>>
>> Which AV program?
>>
> I ask this question because I'm curious if I could cut down on how
> long it takes to do a full scan of my system. Is 90 minutes pretty
> typical for a 3 year old computer?

My system takes about 80 minutes to scan.

> Why is it necessary to rescan files that have not changed since the
> last scan?

They may contain malware that was unknown at the time the files were
last "inoculated" by the change detection feature.

> Is it necessary to scan text files or are all file types infectable?

Not all filetypes are "infectable", but AV scanners have taken to
looking for non-viral malware as well, so non-infectable filetypes are
searched for malware components that may be "hiding" within these
(container) filetypes.

> I know people will just tell me to do my scans at night but I am
> curious as to why it takes so long.

Still, it is done a lot faster than it could be done by yourself. In
fact, I'm willing to bet it would be impossible for you to do this
yourself.

> Also if anybody can recommend a good book (novice level) that can
> explain what viruses can & can't do. I used to have a good
> understanding of this stuff but now it sounds like there is nothing a
> virus can't do.

Unfortunately, you will find as much misinformation as information from
such novice level books.

I'm sure many here will be willing to answer specific questions about
the capabilities of viruses, and what does and does not qualify as a
virus - and why.
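
The point above about rescanning unchanged files, as an added example that is not part of the original thread and not any AV vendor's code: a toy scanner whose skip cache is keyed either on file content alone or on content plus signature version. `CachingScanner`, `SIGNATURES`, and the sample files are hypothetical and constructed for illustration.

```python
import hashlib

# Constructed signature sets (harmless placeholder byte patterns), keyed by version.
SIGNATURES = {
    1: [b"SAMPLE-PATTERN-A"],
    2: [b"SAMPLE-PATTERN-A", b"SAMPLE-PATTERN-B"],  # B only becomes known in v2
}

class CachingScanner:
    """Toy scanner with a change-detection cache (hypothetical design)."""

    def __init__(self, sig_version):
        self.sig_version = sig_version
        self.cache = {}    # path -> (sha256 of content, signature version) when last clean
        self.scanned = 0   # number of files actually read and pattern-matched

    def scan(self, files, honor_sig_version=True):
        """files: dict of path -> bytes. Returns the sorted list of flagged paths."""
        flagged = []
        for path, data in files.items():
            digest = hashlib.sha256(data).hexdigest()
            cached = self.cache.get(path)
            if cached is not None:
                same_content = cached[0] == digest
                same_sigs = cached[1] == self.sig_version or not honor_sig_version
                if same_content and same_sigs:
                    continue  # trusted as clean since the last scan, skipped
            self.scanned += 1
            if any(pattern in data for pattern in SIGNATURES[self.sig_version]):
                flagged.append(path)
                self.cache.pop(path, None)
            else:
                self.cache[path] = (digest, self.sig_version)
        return sorted(flagged)

def demo():
    """Scan with v1 signatures, update to v2, rescan the unchanged files."""
    files = {"notes.txt": b"plain text", "old.bin": b"..SAMPLE-PATTERN-B.."}
    results = {}
    for name, honor in (("content_only", False), ("content_and_sigs", True)):
        scanner = CachingScanner(sig_version=1)
        first = scanner.scan(files, honor)   # nothing known yet, both cached as clean
        scanner.sig_version = 2              # signature update arrives
        second = scanner.scan(files, honor)  # file contents are unchanged
        results[name] = (first, second, scanner.scanned)
    return results

if __name__ == "__main__":
    print(demo())
```

The content-only cache saves the second pass entirely but never flags `old.bin`; tying the cache entry to the signature version forces the rescan that catches it, which is the cost a full scan pays.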





From: David Kaye on
"FromTheRafters" <erratic(a)nomail.afraid.org> wrote:

>Not all filetypes are "infectable", but AV scanners have taken to
>looking for non-viral malware as well, so non-infectable filetypes are
>searched for malware components that may be "hiding" within these
>(container) filetypes.

One particularly nasty bit of malware took .txt, .doc, and html files and
added a URL to a site in Poland. The intent, it seemed, was to reach that
site one way or another for further instructions. It was amazing because as
the malware ran it was rapidly going through the disk and infecting only those
kinds of files that could be loaded via a browser or a Microsoft Office suite
program. It left executables alone!

All in all, about 5000 files were affected until I realized what was going on
and stopped it.

Also, there was no program available to reconstruct those files without the
URL in them. So, my remedy was to warn the customer and to put an entry in
the hosts file to redirect attempts to the local machine.