To answer your question, plugins aren't something I update
frequently. If there's a scanner that a user would like to add
support for, simply add it into AVSupport.dat using the following
entries:
;Productname
appstub [path] {switches}, or however that particular product handles
command lines. TT Livescan handles everything else from there.

As for the database, I try to update it about twice a week, however, I
don't always make announcements about it, unless it's a MAJOR update,
in this case, the update including nearly 600k in definitions. When I
have spare time, I'll either swap archives with other people, or
actively search for live samples. On top of utilizing sites that make
their information publicly available, the aforementioned technique is
where I get some of the definitions from. However, keep in mind that
there isn't just one database, but that there are currently a total of
8. The next major application rewrite will make use of 13 databases,
each with their own method of detecting specific types of malware.

When I reference "ETA", I'm talking about the actual time it takes to
upload that particular section, in this case, the blacklist database,
specifically uploading 1048576 files. While it takes longer to do it
this way, ultimately it benefits the user by allowing extremely fast
scan times over the internet by accessing increasingly specific data.
I could make the scan times faster, however, my provider only allows a
certain number of files per user account, otherwise, I would be able
to parse and upload the files in a much more efficient manner. By
that, I refer to having literally millions upon millions of files in a
single directory.

TT Livescan is an on-demand scanner. There are other products that
allow real-time protection, and although I could implement that (and I
did with VTE Virus Scanner), ultimately, I don't believe there's much
point to it. I'm not saying this to be rude, but if a consumer wants
real-time protection, look elsewhere. A new, undetectable threat will
penetrate a security system no matter if you're using an on-demand or
real-time protection module. This is why I stopped offering a real-time
protection module years ago, as I now view it as nothing more than a
dog and pony show. What I'm offering is comprehensive detection in
pure, concrete, quantifiable numbers.

Hopefully, that answers some of your questions. If you have any more,
please feel free to ask, and I will do my best to answer them.