Need Help In Winning A Friendly Argument


Graystoke
March 22nd, 2005, 12:51 PM
I had a little discussion about antivirus software with a friend of mine last night. He believes that it is more important to have inbound and outbound e-mail scanning with weekly virus updates. He uses McAfee VS9 and figures if it's something important, the updates will come. I said it was more important to have daily updates and not have to worry about some outbreak. You can live without outbound e-mail scanning (I'm using BitDefender 8 Standard at the moment). The discussion implied that both AVs had to have good detection also. That was a given.

Any thoughts? I'm hoping the experts here will back me up on this one so that I can show him and gloat. ;D


Thanks
Graystoke

Firecat
March 22nd, 2005, 12:58 PM
Graystoke,

E-Mail scanning is NOT a required feature b'coz the realtime monitor is gonna intercept the infected emails anyway.

Daily updates are essential because only dailies will protect you against new zoo malware, and zoo malware is still obtainable, as I've got plenty of times...And yes daily updates ensure the best response time to any new threat.

Regards,
Kaushik (Firecat)

Graystoke
March 22nd, 2005, 01:53 PM
-{ Quote: "Graystoke,

E-Mail scanning is NOT a required feature b'coz the realtime monitor is gonna intercept the infected emails anyway.

Daily updates are essential because only dailies will protect you against new zoo malware, and zoo malware is still obtainable, as I've got plenty of times...And yes daily updates ensure the best response time to any new threat.

Regards,
Kaushik (Firecat)" }-


That is what I kept telling him. :) Thanks Kaushik.

hollywoodpc
March 22nd, 2005, 03:32 PM
Regardless of Advanced Heuristics, daily is ALWAYS better than weekly. I did not know anyone cannot see that. THAT is what should have been a "given".

Ianb
March 22nd, 2005, 05:11 PM
McAfee home users get daily soon anyway so he will probably agree with you then. :P

Blackspear
March 22nd, 2005, 05:17 PM
-{ Quote: "daily is ALWAYS better than weekly." }-
To extend the concept further, hourly is better than monthly...

Cheers ;D

Notok
March 22nd, 2005, 05:32 PM
The thing with outbound email scanning is that if the real-time monitor can't detect the file that's sending the email, what makes you think an outbound email scanner would? I believe this would also be vulnerable to any 'firewall bypass' tricks.

Daily updates are important, however, although I think the ITW malware would be the greater concern here (than zoo.) When the next major worm hits, you don't want to have to wait a week to be protected against it.

Graystoke
March 22nd, 2005, 05:48 PM
Thanks to all. I'll have to call my friend and tell him to check out this thread. He probably won't change AVs, since like Ianb said, McAfee is supposed to go to dailies soon. But at least with your help, I proved my point. ;D

hollywoodpc
March 22nd, 2005, 07:46 PM
Hey BlackSpear.
If I wanted it extended, I would have done it myself. lol. Only teasing. You know that. And cannot argue with your statement.

quexx88
March 22nd, 2005, 08:37 PM
Forgive me if I'm wrong, but I do believe that only users of McAfee's enterprise level software will get automatic daily updates.

hollywoodpc
March 22nd, 2005, 08:40 PM
Hi quexx.
Long time. Anyway. McAfee finally changed that. At least, that is my understanding. They have either begun or are going to begin daily updates for personal users.

Grumble
March 22nd, 2005, 09:04 PM
McAfee has said daily dat updates will be "later this summer" for consumer products.

(Too late for me though, my Mc subscription expires later this month, I'm now a happy camper with hourly updates from GData).

mercurie
March 22nd, 2005, 09:36 PM
-{ Quote: "Graystoke,

E-Mail scanning is NOT a required feature b'coz the realtime monitor is gonna intercept the infected emails anyway.

Daily updates are essential because only dailies will protect you against new zoo malware, and zoo malware is still obtainable, as I've got plenty of times...And yes daily updates ensure the best response time to any new threat.

Regards,
Kaushik (Firecat)" }-
This would more or less be my response as well. So I will just second this one ;)

Off Topic: Looks like Blackspear has gone High Tech with his avatar. ;D ;)

Blackspear
March 22nd, 2005, 10:07 PM
-{ Quote: "Hey BlackSpear.
If I wanted it extended, I would have done it myself. lol. Only teasing. You know that. And cannot argue with your statement." }-
YOU WANNA argument, come on let's argue ;) Hmmm what are we going to argue about, maybe we should meet down the pub and have a chat about what the subject will be, your shout, see you there in 10 ;) ;D


-{ Quote: "Off Topic: Looks like Blackspear has gone High Tech with his avatar. ;D ;)" }-
Ahhhh yes, a fellow Queenslander did a marvellous job, well I reckon so ;) ;D

Cheers ;D

bellgamin
March 22nd, 2005, 10:57 PM
-{ Quote: "Off Topic: Looks like Blackspear has gone High Tech with his avatar." }-
Yeah, it's nice. Looks a bit like the hood ornament from a Yugo. 8)

I don't think anyone mentioned this but -- if someone surfs on the blood-splattered knife-edge of wild & dangerous websites, s/he is eventually going to come into contact with TOMORROW'S malware, for which no signatures have yet been developed. In such case, s/he better have an AV with industrial strength heuristics (such as NOD, DrWeb, etc). AFAIK, McAfee is NOT noted for having a heuristics engine of this caliber.

Blackspear
March 22nd, 2005, 11:18 PM
-{ Quote: "Yeah, it's nice. Looks a bit like the hood ornament from a Yugo. 8)" }-
LMAO, I know what a Yugo is, this is the last one I came across, had been used for a week ;) ;D


-{ Quote: "…In such case, s/he better have an AV with industrial strength heuristics (such as NOD, DrWeb, etc). AFAIK, McAfee is NOT noted for having a heuristics engine of this caliber." }-
Very good point, nice catch.

Cheers ;D

bellgamin
March 22nd, 2005, 11:36 PM
-{ Quote: "LMAO, I know what a Yugo is, this is the last one I came across, had been used for a week ;) ;D" }-
A bit of paint & some new tires, & that limo should be good to go, wot? ;D :D :) ;D

BlueZannetti
March 23rd, 2005, 12:13 AM
-{ Quote: "I don't think anyone mentioned this but -- if someone surfs on the blood-splattered knife-edge of wild & dangerous websites, s/he is eventually going to come into contact with TOMORROW'S malware, for which no signatures have yet been developed. In such case, s/he better have an AV with industrial strength heuristics (such as NOD, DrWeb, etc). AFAIK, McAfee is NOT noted for having a heuristics engine of this caliber." }-
bellgamin,

Excellent way to put it, tomorrow's malware.

McAfee was not too bad in the last www.av-comparatives.org (http://www.av-comparatives.org/) pro-active/retrospective test. NOD32 was the leader of the pack, with Bitdefender/Dr.Web/KAV/McAfee in the second tier level, with those followed by a bunch of trailers. All the program versions have now been superseded, so who knows how things stack up.

Back to the thread topic - one thing that everyone's ignored is the growing prevalence of e-mail scanning at the ISP level. I didn't realize it myself until I ran some tests that required "virus" samples to get mailed to me. None made it past the ISP's server. It hadn't been widely publicized, but I get very decent mail coverage at the server level, which does lessen the importance of mail scanning for me.

As with most of the others - I'd lean towards rapid updates. Note that even the "weekly" updated products update sooner with significant threats, although that is small comfort to anyone compromised by a "minor" piece of malware.

For me, the answer to your friend is actual experience. The most recent cases where I've personally dealt with an infection (my own or others) have been situations with currently propagating epidemics. Quick deployment of signatures would have been key in these cases, they just weren't quick enough.

Blue

Big D1
March 23rd, 2005, 03:51 AM
Even though McAfee doesn't have daily updates for home users yet, they can still use the daily dats to update. Take for instance, I waited for McAfee to do its weekly update thing on Wednesday evening. Thursday evening I downloaded and installed the daily dat. A whopping 135 more detections added in just one day, and that is a fact. Weekly updates were the norm in the past, but daily updates are here to stay, and even McAfee has acknowledged the necessity for daily updates.

McAfee contradicts itself by saying to not use the daily dats for home users because, for the time being, it is for the corporate customers, but they do allow the public download, and they do say a home AV user is not denied access. I just think that they cover their butts because when one copies the daily dats to the VSO folder, there is always a chance of corruption. Back up the VSO folder before copy, and everything is good.

Blue does make a good point. Since my ISP, Charter Communications, has been scanning emails with their Ironport AV (Sophos engine), I have not had one single virus sent to me on three different email accounts in over 6 months. I have seen a few phishing scams but that's all. Before they started scanning, I would get up to 15 viruses a day during a heavy outbreak, and getting a virus in an email was just normal to me. Now it's not, at least not for me.