My understanding of Norton A/V is that it checks ALL programs before running them, depending on what options you set. It takes a little more time, but with my speedy 120 MHz Pentium, the few tenths of a second it takes to run is worth it. > -----Original Message----- > From: [mailto:]On Behalf Of > Daniel Frieling > Sent: Saturday, August 21, 1999 5:39 PM > To: > Subject: Re: Antivirus software > > > >Danny, before you dismiss class and we return to pediatric issues, can we > >take advantage of your computer knowledge a little more. How > good a job do > >you think the standard anti-virus programs do at identifying infected > >attachments before they are run? > > Great job, on KNOWN viruses. > > > IOW, if we receive one of those "cute > >little programs" and scan the program for viruses (with "scan compressed > >files" enabled and updated virus definitions), would you still recommend > >trashing the attachment if it comes up negative? > > ABSOLUTELY!!! If you don't know what it is you're running, who wrote it, > etc., DON'T RUN IT. That is the safest way to go. Ask the sender if their > system is okay, a few weeks after they ran it themselves :) > > > What are the odds of the > >anti-virus software missing a virus under these circumstances? > > Great, see above. > > > And if it > >misses a virus while the attachment is still a compressed .exe file, > >should the anti-virus software then be able to identify it (and > give us an > >opportunity to delete it before damage is done) once the program > begins to > >run. I recognize that computer virus hackers and anti-virus programmers > >are in a continuous game of cat-and-mouse (and there are times when the > >hackers are a step ahead), but what are your general feelings about the > >effectiveness of anti-virus software? Thanks for any thoughts. > > What happens when some RENAMES the HAPPY99.EXE to GEORGE.EXE, then runs > PKZIP on it and makes it into GEORGE.ZIP, then runs ZIP2EXE making > GEORGE1.EXE. Now you run GEORGE1 which is a legit file. This creates > GEORGE.EXE which is really HAPPY99 - and your A/V program is not currently > running because you already scanned GEORGE1.EXE and it was fine. Now you > are infected. > > If your A/V program is running when you *created* the GEORGE.EXE, > hopefully > it will recognize it as HAPPY99 in disguise and warn you. > > Want to take that chance? > > Personally, computers are my business, I enjoy some of the email lists, I > use the net as a great resource - and I do my computer itself. I > just don't > find the need to be entertained by my computer (ba, hum-bug). > > Danny > > *************************** > Daniel Frieling mailto: > Pediatric Software Intl., Inc. http://www.compukid.com > CompuKID, The Pediatric Toolkit > Computer software for primary care pediatrics > (800) WELL-CHILD (800-935-5244) Outside the USA: (973) 726-4444 > *************************** > > > discussion group. >