[Full-Disclosure] Re: Hi! Antiviruses Comparison - A Little Research Results
etomcat at freemail.hu
Fri Apr 16 18:11:20 BST 2004
>> Only Finnish F-Secure and American CA have Windows/Linux AV
>>products with multiple independent virus scanning engines.
>Not exactly. At least Chinese iduba.net from Kingsoft
>uses 2 kernels. As far as I know Russian Dr.Web works
>on engine to work with multiple antiviral kernels of
There is a big difference between using multiple "scan engines" and
being able to integrate several AV software under one hood or GUI by
passing them relatively high level calls.
The latter gives poor performance, kinda Amavis-like or similar to a
snail in reverse gear.
Only the engine-level (.DLL based) approach can be used for on-access
protection, which is mainly a Windows requirement. Even this has
performance penalty, but it is usable (especially on the corporate
desktops, where users simply cannot disable that annoying realtime
Writing multiple engine AV software can be a tricky task, I guess. For
example there is no standard virus naming across different AV
developers, yet the user interface must display relatively coherent info
for the poor PC owner when a virus is found.
MS says Windows 2003.NET Server OS now supports running any two
different AV software on the same machine, without interference of
real-time protection modules or other functions. This could allegedly alleviate
the need to develop multiple-engined AV software. The feature
reportedly works in 95% of all cases, but that unlucky 5% could still be
a lot of people.
I think Linux people should agree on a single disk access monitoring
module standard (dazuko or other) so that Linux AV can easily watch
absolutely any disk access in the system, not just Samba or Squid.
Soon, Linux AV will be just as indispensable as Windows AV already is.
Sincerely: Tamas Feher.
Full-Disclosure is hosted and sponsored by Secunia.