What about double scanning?

[PrevxHelp]

It doesn't use the USN journal. It uses its own logic. It does journal as long as needing (many more than 8 hours).

It won't affect the overhead of WSA to scan archives on-write; it just isn't required as the files pose no threat whatsoever.

[Techfox1976]

@Claudiu

Question for you:
What does MSE4 do to protect you if the RAR file you download contains a virus that isn't detected by MSE4's definitions yet? You download it, and MSE4 scans it, and doesn't say anything is wrong. Then you get on the plane flight, and can't download the new definitions while you are on there, and you open up the RAR and run the infection. What does MSE4 do to protect you then?

Hi,

I am sorry, but this tread is not about MSE4, is about WSA.

Sorry for any inconvenience,
Claudiu

[Triple Helix]

Quote:

Originally Posted by claudiu

Hi,

I am sorry, but this tread is not about MSE4, is about WSA.

Sorry for any inconvenience,
Claudiu

You opened the door and is not Off Topic.

Quote:

Originally Posted by claudiu

My present antivirus (MSE4) will detect and quarantine a malware packed in a RAR archive right after the download is finised, without any other user intervention.

Thanks,

Claudiu

TH

Hi TripleHelix,

I am happy that you consider this as not being off topic; I was afraid that, if I will answer, you will remove the thread as being off topic.

Of course, MSE is not perfect, but is a far better solution than WSA, in my opinion.

WSA has a contradictory approach in PC security:

On one hand , if something is not executed why bother and waste resources scanning it? Just wait till it will execute and intercept it then. This is called reactive approach.

On the other hand, there is a website blocking, a "right click scan" , a custom scan---all these specific to proactive approach in PC security: even though nothing is being executed, still the web site is blocked proactively.

So, by now we figure out that WSA has a reactive component and a proactive component. So why leave outside, scanning a RAR download after download is finished? Is a web site more dangerous and has to be blocked , than a RAR file just downloaded in my computer?

For the time being MSE is doing a far greater job than WSA; while I am offline MSE still has access to the last signature database , when WSA has access to nothing.

Statistically speaking , I feel safer behind MSE than WSA while I am off-line.

This is my last post here, I feel that patience is wearing thin; I Just want to thank Joe for his time and to apologize for any inconvenience I may cause.


Thanks,
Claudiu

[AMIGA500]

Quote:

Originally Posted by claudiu

Hi TripleHelix,

I am happy that you consider this as not being off topic; I was afraid that, if I will answer, you will remove the thread as being off topic.

Of course, MSE is not perfect, but is a far better solution than WSA, in my opinion.

WSA has a contradictory approach in PC security:

On one hand , if something is not executed why bother and waste resources scanning it? Just wait till it will execute and intercept it then. This is called reactive approach.

On the other hand, there is a website blocking, a "right click scan" , a custom scan---all these specific to proactive approach in PC security: even though nothing is being executed, still the web site is blocked proactively.

So, by now we figure out that WSA has a reactive component and a proactive component. So why leave outside, scanning a RAR download after download is finished? Is a web site more dangerous and has to be blocked , than a RAR file just downloaded in my computer?

For the time being MSE is doing a far greater job than WSA; while I am offline MSE still has access to the last signature database , when WSA has access to nothing.

Statistically speaking , I feel safer behind MSE than WSA while I am off-line.

This is my last post here, I feel that patience is wearing thin; I Just want to thank Joe for his time and to apologize for any inconvenience I may cause.


Thanks,
Claudiu

Well the MSE4 thread in this very forum would seem to indicate otherwise.
It may be in your best interests to read that thread first before condemning WSA.
Technically speaking WSA would seem to offer a lot more in terms of protection than MSE.

[Triple Helix]

The topic is about "What about double scanning?" and is not specific to MSE4 so please stay On Topic.

Thanks,

TH