lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
From: etomcat at freemail.hu (Feher Tamas)
Subject: Re: Hi! Antiviruses Comparison - A Little Research Results

Hello,

>> Only finnish F-Secure and american CA has Windows/Linux AV 
>>products with multiple independent virus scanning engines.
>
>Not exactly. At least Chinese iduba.net from Kingsoft
>uses 2 kernels. As far  as  I  know  Russian  Dr.Web works
>on engine to work with multiple antiviral kernels of
>different vendors.

There is a big difference between using multiple "scan engines" and 
being able to integrate several AV software under one hood or GUI by 
passing them relatively high level calls.

The latter gives poor performance, kinda Amavis-like or a similar to a 
snail in reverse gear.

Only the engine-level (.DLL based) approach can be used for on-access 
protection, which is mainly a Windows requirement. Even this has 
performance penalty, but it is usable (especially on the corporate 
desktops, where users simply cannot disable that annoying realtime 
protection).

Writing multiple engine AV software can be a tricky task, I guess. For 
example there is no standard virus naming across different AV 
developers, yet the user interface must display relatively coherent info 
for the poor PC owner when a virus is found.

MS says Windows 2003.NET Server OS now supports running any two 
different AV software on the same machine, without interference of real-
time protection modules or other function. This could allegedly alleviate 
the need to develop multiple-engined AV software. The feature 
reportedly works in 95% of all cases, but that unlucky 5% could still be 
a lot of people.

I think Linux people should agree on single a disk access monitoring 
module standard (dazuko or other) so that Linux AV can easily watch 
absolutely any disk access in the system, not just Samba or Squid. 
Soon, LinuxAV will be just as indispensible, as Windows AV already is.

Sincerely: Tamas Feher.


Powered by blists - more mailing lists