delta sigs

[curious]

What does "delta signatures" mean?

 

[Bill Sanderson]

I should let Steve answer this since he actually knows the answer, and I'm
just guessing, which I do rather too much of sometimes:

I believe that in this case "delta" indicates "changed"--i.e. instead of
completely replacing the full definition files, they are "patching" the
files using a process which I would expect will transmit just the change
information (much smaller!), apply the changes to the files in place, and
checksum the result to be certain that the process results in identical
files on each system.

 

[curious]

Thanks.
That makes a lot of sense. Like in calculus, where delta
or its associate symbol (a triangle) means a small
increment or change.

 

[Steve Dodson [MSFT]]

Delta Patching is only adding the new threats to the old threat list. For
example... if we had 10 threats in build one and needed to add in another 5
threats, we could accomplish this 2 ways.

1) Normal signature release - This way we would re-engineer the whole
package which included all 15 threats.
or
2) Delta patch release - We would take your old signature file and add the
additional 5 threats to it

The advantage of delta patching is that the download does not increase in
size over time. I hope that explains it well. Post back if it does not, and
I may write a blog on it.

--
-steve

Steve Dodson [MSFT]
MCSE, CISSP
PSS Security

--

This posting is provided "AS IS" with no warranties, and confers no rights.
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm

Note: For the benefit of the community-at-large, all responses to this
message are best directed to the newsgroup/thread from which they
originated.

 

[curious]

Thanks very much, Steve.
You made it very clear. I appreciate that.