View Full Version : NIS2008 Auto-protect Caching feature... how does that work?


denniz
May 24th, 2008, 12:12 PM
I have noticed the following option under the auto-protect options in NIS2008:

-{ Quote: "
Turn on Caching:
Improves the performance of your computer. If you check this option, Norton Internet Security keeps a record of the files that are accessed often and does not scan these files, even when you restart your computer.
" }-

Is this something like the Kaspersky iSwift/iChecker feature? And suppose a file is infected, but Norton has cached a previous uninfected version of the file, then when is the cache purged so it will detect the infected file?

Here's a screenshot of the feature:

Any ideas?

ASpace
May 24th, 2008, 01:01 PM
-{ Quote: "Is this something like the Kaspersky iSwift/iChecker feature?" }-

Yes, more or less so.


-{ Quote: "And suppose a file is infected, but Norton has cached a previous uninfected version of the file, then when is the cache purged so it will detect the infected file?" }-

These technologies are supposed to make differences between the previous clean version and the new one, which must have been changed by the threat. Then, the antivirus will notice the file has been changed and will scan the file again.

It is another story, however, if a file has always been infected. At one time the antivirus scans it and it thinks the file is clean. However, at a later time, the vendor adds detection for it. The file is the same and hasn't been changed. The antivirus will see this and will not scan it again. It is the antivirus program itself which must see that now the file must be marked as infected or malicious :thumb:

denniz
May 24th, 2008, 01:31 PM
So one can assume that caching can be a security risk and it's better left disabled I reckon....

ASpace
May 24th, 2008, 03:10 PM
With Norton Internet Security I would use the default settings. I guess the option is disabled by default.

Generally it can't be considered a security risk. It really depends on the program. I use NOD32 and similar technology is used here -> Optimized scanning. However, here NOD32 will rescan the files upon every signature update or computer restart. With Norton, you show with the screenshot from the help file that files might remain unscanned even after restart. So, it really depends. I also suppose Symantec have taken some precautions to prevent such "risks".
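
The two cases discussed in the posts above (a cached file that later changes, and an unchanged file that only a later definitions update detects), as an added example that is not part of the original thread and is not Norton's or NOD32's actual code. The `ScanCache` class, the `track_signatures` switch, the toy signature sets and the file names are all hypothetical; with `track_signatures=False` the cache keeps reusing the stale "clean" verdict after the update.

```python
import hashlib
import os
import tempfile

# Constructed toy signature sets: definitions version -> byte patterns it detects.
SIGNATURES = {1: [b"EVIL-A"], 2: [b"EVIL-A", b"EVIL-B"]}

def toy_scan(data, sig_version):
    """Stand-in for a real scan engine: True means infected."""
    return any(p in data for p in SIGNATURES[sig_version])

class ScanCache:
    def __init__(self, sig_version, track_signatures=True):
        self.sig_version = sig_version
        self.track_signatures = track_signatures
        self.entries = {}   # path -> (content hash, definitions version, verdict)
        self.scans = 0      # number of real scans performed

    def check(self, path):
        with open(path, "rb") as f:
            data = f.read()
        # Assumption: full SHA-256 as the change detector; products may use cheaper ones.
        digest = hashlib.sha256(data).hexdigest()
        hit = self.entries.get(path)
        if hit and hit[0] == digest and (
                not self.track_signatures or hit[1] == self.sig_version):
            return hit[2]   # cached verdict reused, file not rescanned
        self.scans += 1
        verdict = toy_scan(data, self.sig_version)
        self.entries[path] = (digest, self.sig_version, verdict)
        return verdict

def demo(track_signatures):
    """Verdicts for: first scan, repeat, modified file, old sample after update."""
    cache = ScanCache(sig_version=1, track_signatures=track_signatures)
    with tempfile.TemporaryDirectory() as d:
        doc, old = os.path.join(d, "doc.bin"), os.path.join(d, "old.bin")
        with open(doc, "wb") as f:
            f.write(b"harmless")
        with open(old, "wb") as f:
            f.write(b"xx EVIL-B xx")      # infected, but unknown to definitions v1
        results = [cache.check(doc), cache.check(doc)]
        with open(doc, "wb") as f:
            f.write(b"harmless EVIL-A")   # file changed by a known threat
        results.append(cache.check(doc))
        cache.check(old)                  # cached as clean under v1
        cache.sig_version = 2             # definitions update adds EVIL-B
        results.append(cache.check(old))
    return results, cache.scans
```

`demo(True)` rescans the old sample after the definitions update and flags it; `demo(False)` returns the cached clean verdict for the same file.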

lu_chin
May 24th, 2008, 05:04 PM
Or the file will be scanned with the updated virus signatures when the file is executed.

bigc73542
May 27th, 2008, 07:33 PM
A picture is worth a thousand words, so here is a pic from the "help" option in NIS 2008.

EDIT: Sorry, I missed the earlier screenshot. Can't win them all.

denniz
May 28th, 2008, 12:31 PM
-{ Quote: "A picture is worth a thousand words, so here is a pic from the "help" option in NIS 2008.

EDIT: Sorry, I missed the earlier screenshot. Can't win them all." }-

:P

But the help text doesn't really explain how it works...

ASpace
May 28th, 2008, 12:51 PM
Details might be the company's secret.