home *** CD-ROM | disk | FTP | other *** search
- Path: sparky!uunet!spool.mu.edu!yale.edu!jvnc.net!netnews.upenn.edu!netnews.cc.lehigh.edu!news
- From: chess@watson.ibm.com (David M. Chess)
- Newsgroups: comp.virus
- Subject: re: A user's view of IBM's antivirus/2 (OS/2)
- Message-ID: <0019.9212151931.AA10887@barnabas.cert.org>
- Date: 11 Dec 92 16:30:20 GMT
- Sender: virus-l@lehigh.edu
- Lines: 57
- Approved: news@netnews.cc.lehigh.edu
-
- > From: ygoland@edison.SEAS.UCLA.EDU (The Jester)
-
- > In conclusion, IBM's AntiVirus/2 is the friendliest anti-viral program
- > I have seen. Its easy to install, set up, and use.
-
- Glad you liked the program! We're pretty proud of it. I think
- it's still the only OS/2 anti-virus program that has disinfection
- features, an easy GUI interface, and all the rest. Brag, brag! *8)
-
- > But it's integrity
- > Management features leave alot to be desired.
-
- > this program does not list all files that have changed and how they have
- > changed.
-
- The short answer to this is that it's an anti-virus program, not
- a change-management or integrity-management program. But that's
- a cop-out. We did test internally a program that showed you every
- file that had changed (with hints as to which changes were most
- likely to be a virus). A few people liked it a lot, but most people
- found it basically just noise. Since programs change a *lot*, and
- very very few of those changes are caused by viruses, people got
- very tired of reading the change reports. Most users didn't want
- to know about a change unless it was caused by a virus. They
- didn't want to be told that SETVER.EXE had changed (because they
- added a SETVER entry), or that 123.EXE had changed (because they
- upgraded), or that their boot record had changed (because they
- changed a volume serial number).
-
- If enough people tell us that they want their anti-virus program
- to also help with change management, we'll certainly consider
- how to do that. But in general change management and virus
- protection seems to be mostly distinct; the vast majority of
- changes are non-viral, and if you want to know about them
- anyway it's probably because you have some other interest
- besides viruses.
-
- As usual, I'd love to hear from anyone who has different data;
- if there are large classes of users who want to know about
- every change on their machines, we'd like to help them, too.
-
- > Right now when you run a virus
- > check you only get a message if something goes wrong, nothing else
- > shows up. Thats great!
-
- That's it exactly. If enough people also want to see an entry in
- the log for every file that has changed, we'll look into making it
- an option. My fear is that, even if we say otherwise in big
- letters, people will assume that if an anti-virus program even
- mentions a file, that file must have a virus in it! *8)
-
- DC
-
- - - -- -
- David M. Chess | IBM AntiVirus/DOS and /2, in the U.S.:
- High Integrity Computing Lab | Retail: 1-800-551-3579
- IBM Watson Research | Site Licenses: 1-800-742-2493
-