McAfee VSE Questions

Discussion in 'other anti-virus software' started by sowhat, Jan 9, 2006.

Thread Status:
Not open for further replies.
  1. sowhat

    sowhat Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    31
    Question 1:

    I've already done these:
    a) Disabled splash screen through SkipSplash key.
    b) Disabled UpdaterUI.exe through CurrentVersion\Run key.
    c) Disabled TBMon.exe through CurrentVersion\Run key.
    d) VsTskMgr.exe start-up mode set to manual.

    BO protection, e-mail modules, firewall etc. are not installed,
    just the pure anti-virus engine (and the tdi driver, of course,
    why disable something that doesn't cause conflicts in first place?).

    Anyone knowing of any more ways/tricks to lower memory usage?
    Please, don't reply with something like...Nod32 or Dr.Web! :p
    ----------------------------------------------------------------
    Question 2:

    What is the exact difference between:
    Scan Files a) when writing to disk and b) when reading from disk?
    Writing to disk is fairly understandable, but the reading?
    What exactly does it prevent?
    Google revealed this post in Novell's pages:
    hxxp://www.novell.com/coolsolutions/tip/16436.html
    (Scroll down to read Roger Sanders' reply).
    Can anyone clarify on this?
     
  2. Patrician

    Patrician Registered Member

    Joined:
    Jun 3, 2005
    Posts:
    132
    Just wondering why you need to disable so many modules? VSE runs pretty light anyway.
     
  3. sowhat

    sowhat Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    31
    1) I strongly believe that there can't be a reliable method of protecting applications from buffer overflows.
    McAfee's BO protection has caused problems to enough people, at least from what I've read in their forums,
    and the DEP in XP SP 2 is probably another one of Microsoft's jokes.
    Either the programmers audit their code/applications before they distribute them,
    or else, the damage pretty much is done.
    2) I never use mail clients and I think that nobody should. It's a tremendous, very serious risk...in the end,
    are people so bored of just pointing their browser in a free mail service like Gmail, Hushmail, whatever?
    I might have used mutt in *nix boxes 3-4 times, but that's all.
    Do you know that FreeBSD warns you when you try to install Pine (a popular unix mail client),
    because of its vulnerabilities' history? That makes quite easy a comparison with Windows and Outlook,
    'cause both have a VERY long history of security problems, much more than Pine (and FreeBSD of course...)
    3) Already running a pretty much rule-hardened firewall on my router.
    And because I'm quite a maniac, ZoneAlarm also runs a second layer.

    Pretty light, well, it sure is lighter than Norton, or even McAfee for home users.
    But I'm the type of guy who likes to search, read, learn and tweak things as much as possible...
    for example, the tweaks above freed-up about 12-13 mb of memory at start-up...
    boot-time is also kind of faster. Why not ask for more? ;)
     
    Last edited: Jan 10, 2006
  4. VikingStorm

    VikingStorm Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    387
    The Buffer-overflow protection in VSE is actually useful if you don't have any other programs that conflict with it. For instance, it was able to block the WMF exploit by default, which I believe DEP was not able to do without putting it on maximum settings. Though I think this was one of the first times the BO module was useful against new malware.
     
  5. Patrician

    Patrician Registered Member

    Joined:
    Jun 3, 2005
    Posts:
    132

    And browser software has a much better history security wise?
     
  6. sowhat

    sowhat Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    31
    Quote:
    "And browser software has a much better history security wise?"

    He-he, that's a really good comment ;), I couldn't agree more on that...
    My thought actually is that, since naturally EVERYBODY uses web-browsers,
    why should someone add one more pretty much vulnerable piece of software in his/her machine...

    Quote:
    "The Buffer-overflow protection in VSE is actually useful,
    if you don't have any other programs that conflict with it...
    it was able to block the WMF exploit by default,
    which I believe DEP was not able to do without putting it on maximum settings..."

    VikingStorm, I pretty much agree with you: I didn't say that VSE's BO is useless,
    I guess it can do a pretty good job in various aspects...
    I just said that I cannot trust it as much as McAfee advertises it,
    for the reasons I've already mentioned. After all, as far as I know,
    it only protects certain Microsoft-based apps (correct me if I am wrong).
    So, it mainly was just a matter of taste to choose not to install it...in the final end,
    everyone gives something out for easiness in the price of a less extended security:
    while a lot of people get bored of pointing their browser in a free mail service...well,
    I personally got bored of going through the process of manually searching for possible conflicts.

    Concerning DEP, my poor opinion is "stay away": to me, it's just Microsoft's "gentle" way,
    of passing restrictions to what kind of software is allowed to run on a machine,
    just another form of a DRM-based product, opening the "Palladium" way to say it straight.
    That point of view might sound too much "unixish" to a lot of people,
    but I'm not changing my mind on that: they ought to better (re-)write their code in SP2,
    not adding more to eventually find flaws in image formats dated back in late 80s/early 90s...
     
    Last edited: Jan 10, 2006
  7. noway

    noway Registered Member

    Joined:
    Apr 24, 2005
    Posts:
    351
    sowhat:

    Just curious how you would update the virus definitions...do you run UpdaterUI.exe manually and then close it manually?

    One good thing I like about KAV4.5, which I run "on demand" only is that I can add a command to any task scheduler (C:\PROGRA~1\COMMON~1\KAVSHA~1\avpupd.exe /q), which will download updates and close the updater when completed. So I can use KAV4.5 "on demand" without having ANY processes normally running at all unless I'm scanning a file. Have you seen any way to do this with VSE? I prefer doing it automatically, since I run a task scheduler that only uses 1 MB when idle.

    Sorry you were looking for answers and now you have more questions!
     
  8. sowhat

    sowhat Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    31
    noway, sowhat...
    it's all a matter of having an attitude towards life I guess... :cool:

    ...I just right-click the shstat.exe icon in taskbar and update.
    Hmmm, external scheduling, haven't really thought about it...
    in the "C:\Program Files\Network Associates\VirusScan" dir,
    there exists the "mcupdate.exe"...
    by opening it in simple hex editor, it revealed a lot of parameters, like:
    QUIET, ROLLBACKDATS, CONFIG, UPDATE,
    UPGRADE, IMPORTSITEFILE, TASKNAME etc.
    I think something like this would do the trick with any taskmanager.
    You could try XVI32 or BinText to see what else options exist there.
    Didn't go through the manual yet...it might actually be more informative,
    so that strings-searching is not needed.

    Also, if it happens that you know basic scripting or have any friends that do,
    I guess it would be pretty easy to include some if/else statements in a .bat, say:
    if mcupdate /IMPORTSITEFILE blah-blah NOT successful,
    go to mcupdate /ROLLBACKDATS...
    But I can't help more with that, sorry...
    (maybe when I get more free time, I'll try learning Python's basics).

    Also, googling for "mcupdate parameters" also revealed as first post:
    hxxp://www.novell.com/coolsolutions/trench/3479.html
    Seems that the Novell guys have done a great job in testing VSE,
    I should search for more pages/posts of them...
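
Added example, not part of any post in this thread: a small Python version of the strings search described in the last post (what BinText or a hex editor shows), pulling both ASCII and UTF-16LE strings out of a binary and keeping the all-caps tokens that look like option names. The sample bytes are constructed for illustration and are not real mcupdate.exe content; the function names are this example's own.

```python
import re
import sys

# Constructed sample bytes standing in for an executable image; this is NOT
# real mcupdate.exe content. The names embedded are the ones quoted in the post.
SAMPLE = (
    b"MZ\x90\x00\x03\x00\x00\x00"
    b"QUIET\x00ROLLBACKDATS\x00CONFIG\x00\x01\x02"
    b"This program cannot be run in DOS mode.\x00\xff\xfe"
    + "TASKNAME".encode("utf-16-le") + b"\x00\x00"
    + "IMPORTSITEFILE".encode("utf-16-le") + b"\x00\x00\x7f"
    b"ab\x00UPDATE\x00UPGRADE\x00"
)

SWITCH_RE = re.compile(r"[A-Z]{4,}")  # one all-caps word, e.g. ROLLBACKDATS


def extract_strings(data, min_len=4):
    """Return sorted (offset, encoding, text) for printable runs in data.

    Windows binaries often store text as UTF-16LE, so a plain ASCII scan
    misses part of it; both encodings are scanned here.
    """
    ascii_re = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    wide_re = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    found = []
    for m in ascii_re.finditer(data):
        found.append((m.start(), "ascii", m.group().decode("ascii")))
    for m in wide_re.finditer(data):
        found.append((m.start(), "utf-16-le", m.group().decode("utf-16-le")))
    return sorted(found)


def candidate_switches(data, min_len=4):
    """Strings that are a single all-caps token, in file order.

    These are only candidates: a string being present in the binary does not
    confirm the program accepts it as an option, or with what syntax.
    """
    return [text for _, _, text in extract_strings(data, min_len)
            if SWITCH_RE.fullmatch(text)]


if __name__ == "__main__":
    # Pass a file path to scan a real binary; without one, scan the sample.
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    for offset, encoding, text in extract_strings(blob):
        mark = "*" if SWITCH_RE.fullmatch(text) else " "
        print(f"{mark} 0x{offset:08x} {encoding:9} {text}")
```

Candidates found this way should be checked against the product manual before being used in a scheduled task.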
     