Is CA EZ Antivirus any good?

DaVinci

Bob said:
Yes, but I still would like to have the option of getting CA AV to
scan automatically before I download - like I had with McAfee.

But all this is academic. I sent the eicar.com file to myself and I
did not receive it. I used 2 ISPs - one for my POP3 server and the
other for my SMTP server. One of them caught it - most likely Road
Runner.

IIRC, it was an option in 6.x version for the real-time scanner to scan
within zip files. With the 7.x release, CA dumbed down the
configuration options. Nonetheless, it's worked well for me.
 
What's in a Name?

Heather said:
(VBG).....btw, I had a good look at your website and I am impressed with it.
And that's no joke.....:cool:)

I have been away from news groups for a while, so trying to catch up. But I
will say, without reservation.....any Symantec product screws up WinME, yet
they still sell it saying it is compatible with it......NOT!!

XX Heather (Figgs)

Thank you Heather for your kind words. I have tried to make my site a
good resource for the beginner.
-max

"give a man a fish and he'll eat for a day-
teach a man to fish and he'll sit in a boat all day and drink beer"
 
kurt wismer

Bob said:
Yes, but I still would like to have the option of getting CA AV to
scan automatically before I download - like I had with McAfee.

mcafee was lying to you... you cannot scan something before it is on
your machine (either in ram or on the disk)...

and you cannot scan the contents of a zip file until you can decompress
the contents of a zip file and there may well be cases where that
requires the entire zip file to be on your system...
 
Bob

mcafee was lying to you... you cannot scan something before it is on
your machine (either in ram or on the disk)...

Then why can CA AV do it?

First you have to set your browser to ask you what to do with
executable files like "*.com".

My version of Mozilla is set up to ask me if I want to Save To Disk.
That's because it recognizes that kind of file as
"application/x-ms-dos-program" and does not know how to handle it.

Now put this link in your browser: http://eicar.com/download/eicar.com

What happens? In my browser I get the dialog box that asks if I want
to Save To Disk. But before I even respond, CA AV pops up and informs
me about the Eicar Virus. I did nothing - no downloading whatsoever.

Are you now prepared to recant your incorrect pontification.
 
Frederic Bonroy

Bob wrote:
Now put this link in your browser: http://eicar.com/download/eicar.com

What happens? In my browser I get the dialog box that asks if I want
to Save To Disk. But before I even respond, CA AV pops up and informs
me about the Eicar Virus. I did nothing - no downloading whatsoever.

No, you didn't download it, but your browser did. While you were
deciding what to do, i.e. while the dialog box was open, your browser
was already downloading the file in the background to save time. That is
common practice. Since eicar.com is such a small file, it was fully
downloaded before you could click away the dialog box.
 
Bob

No, you didn't download it, but your browser did. While you were
deciding what to do, i.e. while the dialog box was open, your browser
was already downloading the file in the background to save time. That is
common practice. Since eicar.com is such a small file, it was fully
downloaded before you could click away the dialog box.

eicar.com is 68 bytes. eicar.com.zip is 184 bytes. Why did Mozilla
decide to preload the one and not the other?

Or did it preload the zip file but CA AV did not look inside to see if
there was a virus?

You do not have to unzip a zip file to see its contents.
 
Norman L. DeForest

Then why can CA AV do it?

First you have to set your browser to ask you what to do with
executable files like "*.com".

My version of Mozilla is set up to ask me if I want to Save To Disk.
That's because it recognizes that kind of file as
"application/x-ms-dos-program" and does not know how to handle it.

Now put this link in your browser: http://eicar.com/download/eicar.com

What happens? In my browser I get the dialog box that asks if I want
to Save To Disk. But before I even respond, CA AV pops up and informs
me about the Eicar Virus. I did nothing - no downloading whatsoever.

The file *is* downloaded. CA AV just prevents it from being permanently
saved to disk. (If it's a large file, at least part of it will have to be
saved to disk to a temporary file unless you have enough RAM to cache the
entire file during the download. The temporary file will just be deleted
when the antivirus blocks your computer from permanently saving the file.)

Are you now prepared to recant your incorrect pontification.

His statement is correct. A scanner on *your* machine can't magically
read a file on another server without fetching *and downloading* it.
 
Frederic Bonroy

Bob wrote:
eicar.com is 68 bytes. eicar.com.zip is 184 bytes. Why did Mozilla
decide to preload the one and not the other?

Or did it preload the zip file but CA AV did not look inside to see if
there was a virus?

No idea, I did not follow this thread.

You do not have to unzip a zip file to see its contents.

To see the directory (the list of the items stored in the zip file), you
don't need to unzip it, no. But in order to access the actual items,
they need to be extracted from the zip file first. This can be done
automatically by software, by a virus scanner for example, and is
transparent to the user. The decompression takes place even if it's not
visible to you.
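
The distinction drawn in this thread between reading a zip file's directory and scanning its contents, shown as an added example that is not part of any poster's message. The marker string, member names and function names are constructed for illustration; the marker is a harmless stand-in for a scanner signature.

```python
import io
import zipfile

# Constructed stand-in for a scanner signature (assumption, harmless text).
MARKER = b"CONSTRUCTED-SCANNER-TEST-MARKER"


def build_archive() -> bytes:
    """Build a small deflate-compressed zip entirely in memory (constructed sample)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("sample.com", MARKER + b" padding line\r\n" * 20)
        zf.writestr("readme.txt", b"nothing to see here\r\n" * 20)
    return buf.getvalue()


def list_directory(raw: bytes) -> list[str]:
    """Read only the central directory: member names, no decompression."""
    with zipfile.ZipFile(io.BytesIO(raw)) as zf:
        return [info.filename for info in zf.infolist()]


def naive_scan(raw: bytes) -> bool:
    """Byte search over the archive as it was downloaded, without unpacking."""
    return MARKER in raw


def scan_members(raw: bytes, max_bytes: int = 1 << 20) -> list[str]:
    """Inflate each member in memory and search it; nothing is written to disk.

    The read is capped at max_bytes per member so the cost of scanning
    stays bounded, whatever size the archive header claims.
    """
    hits = []
    with zipfile.ZipFile(io.BytesIO(raw)) as zf:
        for info in zf.infolist():
            with zf.open(info) as member:
                data = member.read(max_bytes)
            if MARKER in data:
                hits.append(info.filename)
    return hits


if __name__ == "__main__":
    archive = build_archive()
    print("directory:", list_directory(archive))
    print("marker visible in raw archive bytes:", naive_scan(archive))
    print("members flagged after in-memory inflate:", scan_members(archive))
```

The directory listing succeeds without inflating anything, the raw byte search misses the marker because the member is deflate-compressed, and only the pass that decompresses each member finds it.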
 
Bob

To see the directory (the list of the items stored in the zip file), you
don't need to unzip it, no. But in order to access the actual items,
they need to be extracted from the zip file first. This can be done
automatically by software, by a virus scanner for example, and is
transparent to the user. The decompression takes place even if it's not
visible to you.

OK then why doesn't CA AV do just that and thereby warn the user that
a zip file contains a virus before he downloads it?

As it is now, you have to download the zip file and then you have to
remember to scan it manually, which is something most users are not
going to do.

Then you have to unzip it and extract it to a directory before CA AV
detects it, and then CA AV does nothing about it. You end up with the
virus on your disk. If your unzip utility automatically executes the
file after you acknowledge its detection by CA AV, then you will have
infected your computer.
 
Frederic Bonroy

Bob wrote:
OK then why doesn't CA AV do just that and thereby warn the user that
a zip file contains a virus before he downloads it?

Perhaps it's not designed to do so, or perhaps it's not configured to do
so... I'm not familiar with this particular product.

As it is now, you have to download the zip file and then you have to
remember to scan it manually, which is something most users are not
going to do.

They should, however. Unless they are willing to put some effort into
protecting themselves, they will inevitably run into trouble someday.

Then you have to unzip it and extract it to a directory before CA AV
detects it, and then CA AV does nothing about it. You end up with the
virus on your disk.

Yes - but it's an inactive virus. I'm somewhat surprised that CA does
not scan .zip files. I'm pretty sure the on-demand scanner can be
configured to do so; if the on-access scanner doesn't, then it's
probably for performance reasons. But, again, I'm not familiar with CA.

If your unzip utility automatically executes the
file after you acknowledge its detection by CA AV,

Automatic execution is never a good thing from a security point of view.
 
Bob

Perhaps it's not designed to do so, or perhaps it's not configured to do
so... I'm not familiar with this particular product.

It is not designed to do so. There is no configuration possible.
That's my complaint.

They should, however. Unless they are willing to put some effort into
protecting themselves, they will inevitably run into trouble someday.

It is we who ultimately pay the price. Just look at all the twits that
allowed their machines to become infected with a trojan which the
hackers can use to mount DoS attacks. They have become so bold that
they are demanding extortion from website owners.

Yes - but it's an inactive virus.

I was not talking about eicar. I was talking about viruses in general.

I'm somewhat surprised that CA does
not scan .zip files. I'm pretty sure the on-demand scanner can be
configured to do so; if the on-access scanner doesn't, then it's
probably for performance reasons. But, again, I'm not familiar with CA.

Of course the on-demand scanner scans it - that's what "on demand"
means. Regardless of performance reasons, CA AV should give the user
an option to scan on-access anything that he wants. After all, how
many ZIP files do people download in a typical day.

Automatic execution is never a good thing from a security point of view.

Yet most people do not turn it off. I installed the latest version of
Mozilla and the default settings over-rode my earlier setting and all
of a sudden it was auto-executing things. I immediately fixed it. Most
people would not have the understanding to do that.
 
Frederic Bonroy

Bob wrote:
I was not talking about eicar. I was talking about viruses in general.

I wasn't talking about Eicar either.

All viruses are inactive after they have been unzipped. They must then
be launched somehow in order to become active.

Of course the on-demand scanner scans it - that's what "on demand"
means. Regardless of performance reasons, CA AV should give the user
an option to scan on-access anything that he wants. After all, how
many ZIP files do people download in a typical day.

If you value the ability of an on-access scanner to scan zip files and
if that is why you are complaining, then I suggest you switch to a
competing product that offers the functionality you want to have and
perhaps suggest to the producer of CA that such functionality be added
in future versions. I don't see what else you could do.

Yet most people do not turn it off.

True - but then again, people must be educated. Relying on virus
scanners to compensate for security holes or improper configuration will
not always work.
 
Roger Wilco

Bob said:
Then why can CA AV do it?

First you have to set your browser to ask you what to do with
executable files like "*.com".

My version of Mozilla is set up to ask me if I want to Save To Disk.
That's because it recognizes that kind of file as
"application/x-ms-dos-program" and does not know how to handle it.

Now put this link in your browser: http://eicar.com/download/eicar.com

What happens? In my browser I get the dialog box that asks if I want
to Save To Disk. But before I even respond, CA AV pops up and informs
me about the Eicar Virus. I did nothing - no downloading whatsoever.

Are you now prepared to recant your incorrect pontification.

Why should he? He's correct!

And I might add that your browser and OS may be lying to you too. :))

What a computer actually does is often quite different than what the
user expects.
 
kurt wismer

Bob said:
Then why can CA AV do it?

it too is lying to you...

First you have to set your browser to ask you what to do with
executable files like "*.com".

My version of Mozilla is set up to ask me if I want to Save To Disk.
That's because it recognizes that kind of file as
"application/x-ms-dos-program" and does not know how to handle it.

Now put this link in your browser: http://eicar.com/download/eicar.com

What happens? In my browser I get the dialog box that asks if I want
to Save To Disk. But before I even respond, CA AV pops up and informs
me about the Eicar Virus. I did nothing - no downloading whatsoever.

Are you now prepared to recant your incorrect pontification.

no... just because you haven't saved it to a user selected file on your
computer doesn't mean it hasn't already been downloaded...

every page you load gets downloaded to your machine... every image you
view, every document whose address you enter into the address bar...
this happens *without* asking you where to store the things... it's
called a cache...

further, if your anti-virus is 'clever' it may (and i'm pulling a
feature out of my arse here, i don't know that any actually do this)
pre-fetch the content your browser is trying to download in order to
check it before you're ever given the option of saving the file to a
non-cache location...

either way, it's a simple fact that in order for a program running on
your computer to examine a chunk of data and determine *something* about
it, that chunk of data has to first be read into local memory... if that
chunk of data originated somewhere on the internet that means it has to
first be transmitted to your machine in order to be read into local
memory... therefore you cannot scan something before it is downloaded...
 
kurt wismer

Bob wrote:
[snip]
eicar.com is 68 bytes. eicar.com.zip is 184 bytes. Why did Mozilla
decide to preload the one and not the other?

mozilla didn't differentiate but your anti-virus may have...

Or did it preload the zip file but CA AV did not look inside to see if
there was a virus?

You do not have to unzip a zip file to see its contents.

*something* has to perform the unzip process in order to see the
contents, even if it is only performed in memory...
 
kurt wismer

Bob wrote:
[snip]
As it is now, you have to download the zip file and then you have to
remember to scan it manually, which is something most users are not
going to do.

no, you do not have to do that... when you decompress the file manually
the contents will get scanned automatically by the on-access scanner...

Then you have to unzip it and extract it to a directory before CA AV
detects it, and then CA AV does nothing about it. You end up with the
virus on your disk. If your unzip utility automatically executes the
file after you acknowledge its detection by CA AV, then you will have
infected your computer.

if your av detects a virus in the file it will prevent you from
accessing the file (you can't execute it, you may not even be able to
save the decompressed contents to disk)...
 
kurt wismer

Bob wrote:
[snip]
Of course the on-demand scanner scans it - that's what "on demand"
means. Regardless of performance reasons, CA AV should give the user
an option to scan on-access anything that he wants. After all, how
many ZIP files do people download in a typical day.

better still - how many zip files does a person access without
decompressing?

the contents of a zip file are not dangerous until you extract them,
therefore they do not need to be scanned by an on-access scanner until
that point... on-access scanning is a potentially expensive process, if
you throw in automatic in-memory decompression of compressed archives in
the mix then that potential can become reality quite easily... people
will not use an on-access scanner that slows their system to a crawl...

Yet most people do not turn it off. I installed the latest version of
Mozilla and the default settings over-rode my earlier setting and all
of a sudden it was auto-executing things. I immediately fixed it. Most
people would not have the understanding to do that.

i've been using mozilla for years... i've never seen it auto-execute
anything...
 
kurt wismer

Bob said:
Won't happen.

ok, give me your name, address, telephone number and credit card
number... i want to show you something...

what's that you say? you're not dumb enough to do that? well how could
that have happened without becoming educated?
 
Bob

the contents of a zip file are not dangerous until you extract them,
therefore they do not need to be scanned by an on-access scanner until
that point

You make a very good point.

I am not going to be concerned about CA AV not warning me in advance.
 
