Jump to content



Photo

Do AV companies check each definition update against windows?

hdvideo

  • Please log in to reply
33 replies to this topic

#16 OP +warwagon

warwagon

    Only you can prevent forest fires.

  • Tech Issues Solved: 2
  • Joined: 30-November 01
  • Location: Iowa

Posted 26 December 2012 - 20:47

Video added to first post


#17 Denis W.

Denis W.

    The True North!

  • Tech Issues Solved: 6
  • Joined: 06-March 05
  • Location: Toronto, Ontario [CA]
  • OS: Windows 8.1 Pro and OS X Mavericks
  • Phone: iPhone 4S

Posted 26 December 2012 - 20:55

Regarding digital signatures, Avast does have this option. Executables are still open for scanning though.

Posted Image

#18 OP +warwagon

warwagon

    Only you can prevent forest fires.

  • Tech Issues Solved: 2
  • Joined: 30-November 01
  • Location: Iowa

Posted 26 December 2012 - 20:59

Regarding digital signatures, Avast does have this option. Executables are still open for scanning though.

Posted Image


What setting is that under?

#19 Denis W.

Denis W.

    The True North!

  • Tech Issues Solved: 6
  • Joined: 06-March 05
  • Location: Toronto, Ontario [CA]
  • OS: Windows 8.1 Pro and OS X Mavericks
  • Phone: iPhone 4S

Posted 26 December 2012 - 21:02

What setting is that under?


File system shield's settings, under the Advanced tab.

#20 OP +warwagon

warwagon

    Only you can prevent forest fires.

  • Tech Issues Solved: 2
  • Joined: 30-November 01
  • Location: Iowa

Posted 26 December 2012 - 21:04

File system shield's settings, under the Advanced tab.


Sweet. Thanks. See it can be done!

#21 Astra.Xtreme

Astra.Xtreme

    Electrical Engineer

  • Tech Issues Solved: 4
  • Joined: 02-January 04
  • Location: Milwaukee, WI

Posted 26 December 2012 - 21:11

Sweet. Thanks. See it can be done!


Is that option on or off by default?

#22 HawkMan

HawkMan

    Neowinian Senior

  • Tech Issues Solved: 4
  • Joined: 31-August 04
  • Location: Norway
  • Phone: Noka Lumia 1020

Posted 26 December 2012 - 21:16

Give me an example in the case of Microsoft and signed files. We are talking about Microsoft and not the security of 3rd party applcations.

The example doesn't have to be specifically about MS and signed files.

you're still asking a company who's primary job it is to provide security to lay their trust in a third party and not go all the way in providing security.

Imagine if big security firms when hired for huge contracts went ahead and just said "ok so you already installed door locks and alarms yourself ? ok, we'll just trust that those locks and alarms work fine, and provide you with some guards in case something should happen." Think about it.


The signed files may and probably is fine and would prevent any undetected changes, BUT the AV company CANNOT guarantee that, they CANNOT trust that.

#23 xWhiplash

xWhiplash

    Neowinian Senior

  • Joined: 07-March 08

Posted 26 December 2012 - 21:19

The example doesn't have to be specifically about MS and signed files.

you're still asking a company who's primary job it is to provide security to lay their trust in a third party and not go all the way in providing security.

Imagine if big security firms when hired for huge contracts went ahead and just said "ok so you already installed door locks and alarms yourself ? ok, we'll just trust that those locks and alarms work fine, and provide you with some guards in case something should happen." Think about it.


The signed files may and probably is fine and would prevent any undetected changes, BUT the AV company CANNOT guarantee that, they CANNOT trust that.


But no AV program is 100% successful anyway, so they cannot really guarantee that your system is 100% perfectly clean.

#24 HawkMan

HawkMan

    Neowinian Senior

  • Tech Issues Solved: 4
  • Joined: 31-August 04
  • Location: Norway
  • Phone: Noka Lumia 1020

Posted 26 December 2012 - 21:29

oh, so they should just not bother then :facepalm:

seriously, that's your argument ?

and use a quality AV, which pretty much excludes all the free ones and you're pretty damn close to 100%, even on zero day viruses if you keep the heuristics on and at a decent setting

#25 Astra.Xtreme

Astra.Xtreme

    Electrical Engineer

  • Tech Issues Solved: 4
  • Joined: 02-January 04
  • Location: Milwaukee, WI

Posted 26 December 2012 - 21:32

The example doesn't have to be specifically about MS and signed files.

you're still asking a company who's primary job it is to provide security to lay their trust in a third party and not go all the way in providing security.

Imagine if big security firms when hired for huge contracts went ahead and just said "ok so you already installed door locks and alarms yourself ? ok, we'll just trust that those locks and alarms work fine, and provide you with some guards in case something should happen." Think about it.


The signed files may and probably is fine and would prevent any undetected changes, BUT the AV company CANNOT guarantee that, they CANNOT trust that.


Again, you're missing the context here. We are talking about files signed by Microsoft. Unless there is a disgruntled employee writing Windows, there is a 0% chance a stock Microsoft signed file will be infected with something. I see no reason why Microsoft couldn't be trusted for publishing clean files in their OS. There's no logic in believing this would be a security risk. Scanning these files only adds unnecessary reliability risks.

#26 Denis W.

Denis W.

    The True North!

  • Tech Issues Solved: 6
  • Joined: 06-March 05
  • Location: Toronto, Ontario [CA]
  • OS: Windows 8.1 Pro and OS X Mavericks
  • Phone: iPhone 4S

Posted 26 December 2012 - 21:50

Is that option on or off by default?


It's on by default. So are the options for caching:

Posted Image

#27 xWhiplash

xWhiplash

    Neowinian Senior

  • Joined: 07-March 08

Posted 26 December 2012 - 21:57

oh, so they should just not bother then :facepalm:

seriously, that's your argument ?

and use a quality AV, which pretty much excludes all the free ones and you're pretty damn close to 100%, even on zero day viruses if you keep the heuristics on and at a decent setting


No my point was that you saying they cannot skip Windows files because they cannot guarantee 100% that they are clean, yet they are signed by Microsoft. They cannot guarantee Microsoft files are clean, but they cannot guarantee your computer is 100% clean either (close to 100% is still not 100%, so there is no sticker on the box that says "we guarantee your computer is 100% clean at all times").

Not once did I say they should just not try. These are Microsoft signed files we are talking about. You said they cannot guarantee they are 100% clean, but no AV has 100% detection rate anyway. I did not say they should just give up and go home.

#28 HawkMan

HawkMan

    Neowinian Senior

  • Tech Issues Solved: 4
  • Joined: 31-August 04
  • Location: Norway
  • Phone: Noka Lumia 1020

Posted 26 December 2012 - 22:31

Again, you're missing the context here. We are talking about files signed by Microsoft. Unless there is a disgruntled employee writing Windows, there is a 0% chance a stock Microsoft signed file will be infected with something. I see no reason why Microsoft couldn't be trusted for publishing clean files in their OS. There's no logic in believing this would be a security risk. Scanning these files only adds unnecessary reliability risks.


I think you're missing the point.

it doesn't matter WHO signed the files. The very purpose of security company is to NOT trust anyone elses security.

Also there's only a risk if you use a company with bad Q&A, generally all the free ones and the crappier paid ones. despite it previous bad rep, Norton is actually a very good AV today, with high performance, next to no system impact they actually make sure these things don't happen, and they're one of the best one zero day threats, and web threats that other AV's won't touch because they're not considered "viruses".

so pick one of the better security suites that cover a little more than just AV, and has a good rep and this isn't a problem, stay with the free ones, and expect to have you system files broken at some point.

#29 Astra.Xtreme

Astra.Xtreme

    Electrical Engineer

  • Tech Issues Solved: 4
  • Joined: 02-January 04
  • Location: Milwaukee, WI

Posted 26 December 2012 - 23:14

I think you're missing the point.

it doesn't matter WHO signed the files. The very purpose of security company is to NOT trust anyone elses security.


Actually it does matter because in this context, Microsoft is signing the files... You know, the one who creates the actual OS itself...
Never in the history of Windows has there been a built-in virus created by Microsoft themselves. And I'm sure there never will be.
Even if a core .dll (or such) was infected, the only option would be to delete it which would crash the system anyway. What good does that do for anybody? I'll say it again, there's no reason to scan something that will never be broken as long as checksums line up. All the trust you need is in the checksum. Nothing magical about it.

#30 OP +warwagon

warwagon

    Only you can prevent forest fires.

  • Tech Issues Solved: 2
  • Joined: 30-November 01
  • Location: Iowa

Posted 26 December 2012 - 23:54

Actually it does matter because in this context, Microsoft is signing the files... You know, the one who creates the actual OS itself...
Never in the history of Windows has there been a built-in virus created by Microsoft themselves. And I'm sure there never will be.
Even if a core .dll (or such) was infected, the only option would be to delete it which would crash the system anyway. What good does that do for anybody? I'll say it again, there's no reason to scan something that will never be broken as long as checksums line up. All the trust you need is in the checksum. Nothing magical about it.


Sometimes you can disinfect system files or restore the original.