hdvideo Do AV companies check each definition update against windows?

[Denis W. Veteran]

Is that option on or off by default?

It's on by default. So are the options for caching:

[xWhiplash]

oh, so they should just not bother then :facepalm:

seriously, that's your argument ?

and use a quality AV, which pretty much excludes all the free ones and you're pretty damn close to 100%, even on zero day viruses if you keep the heuristics on and at a decent setting

No my point was that you saying they cannot skip Windows files because they cannot guarantee 100% that they are clean, yet they are signed by Microsoft. They cannot guarantee Microsoft files are clean, but they cannot guarantee your computer is 100% clean either (close to 100% is still not 100%, so there is no sticker on the box that says "we guarantee your computer is 100% clean at all times").

Not once did I say they should just not try. These are Microsoft signed files we are talking about. You said they cannot guarantee they are 100% clean, but no AV has 100% detection rate anyway. I did not say they should just give up and go home.

[HawkMan]

Again, you're missing the context here. We are talking about files signed by Microsoft. Unless there is a disgruntled employee writing Windows, there is a 0% chance a stock Microsoft signed file will be infected with something. I see no reason why Microsoft couldn't be trusted for publishing clean files in their OS. There's no logic in believing this would be a security risk. Scanning these files only adds unnecessary reliability risks.

I think you're missing the point.

it doesn't matter WHO signed the files. The very purpose of security company is to NOT trust anyone elses security.

Also there's only a risk if you use a company with bad Q&A, generally all the free ones and the crappier paid ones. despite it previous bad rep, Norton is actually a very good AV today, with high performance, next to no system impact they actually make sure these things don't happen, and they're one of the best one zero day threats, and web threats that other AV's won't touch because they're not considered "viruses".

so pick one of the better security suites that cover a little more than just AV, and has a good rep and this isn't a problem, stay with the free ones, and expect to have you system files broken at some point.

[Astra.Xtreme]

I think you're missing the point.

it doesn't matter WHO signed the files. The very purpose of security company is to NOT trust anyone elses security.

Actually it does matter because in this context, Microsoft is signing the files... You know, the one who creates the actual OS itself...

Never in the history of Windows has there been a built-in virus created by Microsoft themselves. And I'm sure there never will be.

Even if a core .dll (or such) was infected, the only option would be to delete it which would crash the system anyway. What good does that do for anybody? I'll say it again, there's no reason to scan something that will never be broken as long as checksums line up. All the trust you need is in the checksum. Nothing magical about it.

[+Warwagon MVC]

Actually it does matter because in this context, Microsoft is signing the files... You know, the one who creates the actual OS itself...

Never in the history of Windows has there been a built-in virus created by Microsoft themselves. And I'm sure there never will be.

Even if a core .dll (or such) was infected, the only option would be to delete it which would crash the system anyway. What good does that do for anybody? I'll say it again, there's no reason to scan something that will never be broken as long as checksums line up. All the trust you need is in the checksum. Nothing magical about it.

Sometimes you can disinfect system files or restore the original.

[HawkMan]

Actually it does matter because in this context, Microsoft is signing the files... You know, the one who creates the actual OS itself...

Never in the history of Windows has there been a built-in virus created by Microsoft themselves. And I'm sure there never will be.

Even if a core .dll (or such) was infected, the only option would be to delete it which would crash the system anyway. What good does that do for anybody? I'll say it again, there's no reason to scan something that will never be broken as long as checksums line up. All the trust you need is in the checksum. Nothing magical about it.

ugh

:facepalm:

[remixedcat]

I would like to see webroot's take on this. I know we have a rep or two that posts here.... I'd love for them to participate in this thread.

[goretsky Supervisor]

Hello,

Some anti-malware companies check Microsoft Windows Updates. That means applying the update across all combinations of Microsoft Windows in all service pack levels, editions, and languages that they support, in combination with all of their products. This might be one or two thousand different configurations, so it's usually the sort of thing that's done headless in a server lab running all those configurations as VMs, although it could involve native hardware if there were a specific reason to do so (e.g., a strategic partnership between the anti-malware company and a device manufacturer for some kind of turnkey solution).

Regards,

Aryeh Goretsky

[remixedcat]

Hello,

Some anti-malware companies check Microsoft Windows Updates. That means applying the update across all combinations of Microsoft Windows in all service pack levels, editions, and languages that they support, in combination with all of their products. This might be one or two thousand different configurations, so it's usually the sort of thing that's done headless in a server lab running all those configurations as VMs, although it could involve native hardware if there were a specific reason to do so (e.g., a strategic partnership between the anti-malware company and a device manufacturer for some kind of turnkey solution).

Regards,

Aryeh Goretsky

many people are allergic to hypervizors....