methods of antivirus acceleration

Discussion in 'other anti-virus software' started by Stiletto, Mar 5, 2008.

Thread Status:
Not open for further replies.
  1. Stiletto

    Stiletto Registered Member

    Joined:
    Mar 5, 2008
    Posts:
    1
    Hello,
    I used to work in a computer repair shop. The quickest solution is usually to reformat and reload customers' computers; boot sector viruses aren't too common these days.

    However.

    The thought occurred to me one day: many customers would prefer a disinfection to a reload if possible, they don't like losing their information or paying extra for data backup. But they don't like to wait, and it takes up valuable bench time.

    Suppose money was no object: How could you speed up antiviral/antispyware scanning?

    When going hard-core at the shop, using a BartPE disc with utilities or simply attaching customer's drive to a known good tested working system as a secondary drive and scanning was a good solution. But it often missed the customer's registry.

    The first thing that came to me was: Ghost the drive to an image, load image into a ram drive or SSD or WD Raptor or RAID 0 array on a nice high-end workstation, scan image and remove, restore to customer's drive. But I'm not sure what sort of performance gains I'd see. And how can you easily mount the registry hives and scan those? I haven't come across many solutions that deal with that easily. And rootkits? The most intriguing thing I've seen was Microsoft's prototype security bootdisk diff thing solution, which hasn't been produced AFAIK.

    The next thought I had was: Create a hardware solution for scanning that uses an accelerator card of some sort. But then I'm still tied to (worst-case scenario) the speed of the IDE interface. I saw an intriguing news post regarding GPGPU acceleration last year at the Inquirer, but it turned out to be fake. :(

    And of course, not dealing with a bootdrive might miss out on some obscure virus that only is noticeable using heuristic analysis or something.

    I would appreciate any ideas. Mostly I'm thinking about streamlining and accelerating the disinfection process.

    BTW, first post, longtime lurker. :)

    - Stiletto
     
  2. ASpace

    ASpace Guest

    No way. Really. Malware cleaning is very complex these days. Even if you scan a hard drive with 10+ solutions, it doesn't necessarily make it clean and fully cleaned.

    Sometimes you may come across a threat not detected by any/most vendors and will need manual investigation. Some Windows functions may well be corrupted, so it will take some more time to repair.
     
  3. ThunderZ

    ThunderZ Registered Member

    Joined:
    May 1, 2006
    Posts:
    2,459
    Location:
    North central Ohio, U.S.A.
    Slaving the drive then scanning is still the quickest way I have found. Sure, it may miss some reg. entries, but they are usually rendered harmless by the removal of the exes\dlls etc. This used to work very well for me. Had a dedicated server loaded with the latest greatest scanners, clean-up and removal tools. Also the most current "dedicated" malware tools. Granted, malware has become far more complex, still leading to a backup\format\re-install as the only "sure way."
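
    The registry gap raised in this thread (how to mount the hives of a slaved drive, and the Run entries left behind once the files are removed) can be checked offline. The script below is an added example, not from any poster; it assumes an elevated prompt on the clean bench machine, the customer's disk attached as E: (originally C:), and an arbitrary mount name `OfflineSW`.

```powershell
# Added example: list autostart entries from the registry of a slaved (offline) drive.
# Assumptions: elevated prompt on the clean bench machine; the customer's disk is
# attached as E: and was C: when it booted. 'OfflineSW' is an arbitrary mount name.
param(
    [string]$OfflineDrive  = 'E:',
    [string]$OriginalDrive = 'C:',
    [string]$MountName     = 'OfflineSW'
)

$hive = "$OfflineDrive\Windows\System32\config\SOFTWARE"
& reg.exe load "HKLM\$MountName" $hive | Out-Null
if ($LASTEXITCODE -ne 0) { throw "Could not load hive $hive" }

try {
    $runKeys = 'Microsoft\Windows\CurrentVersion\Run',
               'Microsoft\Windows\CurrentVersion\RunOnce'
    $raw = [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames
    $report = foreach ($sub in $runKeys) {
        $path = "HKLM:\$MountName\$sub"
        if (-not (Test-Path $path)) { continue }
        $key = Get-Item $path
        foreach ($name in $key.GetValueNames()) {
            # Read raw data: %VAR% must not be expanded with the bench machine's environment.
            $cmd = [string]$key.GetValue($name, '', $raw)
            $status = 'Unresolved'; $target = $null
            if ($cmd -match '^\s*"([^"]+)"|^\s*(.+?\.(?:exe|dll|bat|cmd|vbs|scr))\b') {
                $target = if ($Matches[1]) { $Matches[1] } else { $Matches[2] }
                if ($target -match '^[A-Za-z]:\\') {
                    # Re-root the path onto the slaved disk before checking it.
                    $onDisk = $target -replace ('^' + [regex]::Escape($OriginalDrive)), $OfflineDrive
                    $status = if (Test-Path -LiteralPath $onDisk) { 'Present' } else { 'Missing' }
                }
            }
            [pscustomobject]@{ Key = $sub; Name = $name; Command = $cmd; Target = $target; Status = $status }
        }
        $key.Close()
    }
    $report | Format-Table -AutoSize -Wrap
}
finally {
    # Open handles keep the hive locked; release them before unloading.
    [gc]::Collect()
    & reg.exe unload "HKLM\$MountName" | Out-Null
}
```

    Entries reported as Missing point at files that are no longer on the disk; Present and Unresolved entries (relative names, `%VAR%` paths) still need a manual look. Each user's NTUSER.DAT can be loaded and walked the same way.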
     
  4. computer geek

    computer geek Registered Member

    Joined:
    Oct 6, 2007
    Posts:
    776
    there is a simple answer to that.........
    Don't turn your computer on..... :D :D
     
  5. jrmhng

    jrmhng Registered Member

    Joined:
    Nov 4, 2007
    Posts:
    1,268
    Location:
    Australia
    I was actually just thinking about the idea of scanning an image or slaving a drive. It solves the problems with rootkits doesn't it? You are just scanning a data partition.
     
  6. ThunderZ

    ThunderZ Registered Member

    Joined:
    May 1, 2006
    Posts:
    2,459
    Location:
    North central Ohio, U.S.A.

    In theory I would say yes. Let's throw another thought into the mix. Had a friend who suggested only connecting the drive to be scanned via USB. No known viruses, at that time, were USB aware. This brings up what you said, we are only scanning a data disk(?). :doubt: With the OS not booted all data on the suspect drive is dormant(?). :ninja:
     