Just curious, where do you guys get your fixes to viruses? What % do you code fixes yourselves, what % do you get from IBM or 3rd party sources? Also how quick are you able to release the fixes from the time a virus is detected in the world?
Ah, maybe I’ve got a misconception of virus detection and elimination. When a virus is detected I thought someone, somewhere wrote code to ‘fix’ it. But I guess all you need is a fingerprint of the virus, be able to recognize it and then eliminate it, is that the way it works? If so, then let me modify the question:
“You guys can’t be cognizant of all viruses in the world, how do you find out about all the viruses in the world and what’s hot”?
You are basically correct. When a virus is identified, its signature (or fingerprint, as you put it) is added into the VPS database. Most viruses must be “coded” in a certain manner for them to infect, therefore, once the basic code is identified, all that is needed is to “delete/move or repair the virus file”.
Each vendor releases new updates on their own schedule depending upon how many new viruses are found in a certain time frame, and the “risk level” of each.
Sometimes, more than one update can be released in a day!
The Avast team stays very productive as far as new virus database updates, and the PRO version has the Push feature which allows the Avast team to “send” you a new update and install it at a moment’s notice! Now that is the way to go! In general, one update a week is normal, but I have gotten as many as 2-3 in a 10 day period!
As far as how Avast discovers a new virus…well, I think Igor would be best able to answer that one.
All we need is a signature of the virus - but I can’t tell you more details; every AV company uses a slightly different method. We have a lot of viruses in our archive, but our priority is ItW (latest threats) viruses; the ones you won’t be infected with in 99.99% of cases are added slowly. Although virus signatures are very important for AV, it seems to me like we’d still have few people for adding them.
I’m not the right person who you should ask :-, it’s cough Pavel cough.
I heard from my Italian friend, who works in a security company, that he receives some important security warnings on his cell phone (paid service?), and so does Pavel - I hope I don’t confuse you, because I’m so little informed about how it works in practice :(.
Do I remember correctly that one of the functions of CERT is coordinating and distributing new-virus info? Admittedly I think they’re more involved with viruses that are still mostly in the “lab” stage than the in-the-wild ones, and of course i.t.w. is our biggest concern as users.
For fear of belaboring the point, you’re right, the basic question is how do you know when a virus exists so you can write a new VPS file. How fast you recognize the virus and send it out is critical to users.
McAfee and Symantec are down the street from me (literally, Symantec is 3 miles) with thousands of employees sitting around finding viruses. These guys have war rooms that look like a NASA launch site.
The question comes up in the back of my head: can 10 guys in CZ find/hear about a virus as quickly as the big guys can and get the signature into the market?
Don’t get me wrong here, in 3-4 short days of me trying the product and trying Customer Support, I am truly impressed with you guys. AAA+ rating. In fact you should do your IPO now and build the capital base to make a run on consolidating the market, McAfee is truly vulnerable now.
Anyway that’s off the subject. Tech101 and all of you thanks for the info–it is the recognition and timeliness of the solution that I was asking about, i.e. how is it that you guys can do it better than the biggies…
Keep up the good work, Vaughn
Well, AV companies have cooperated on the technical side for years. It is a real MUST nowadays - and it is the only way to catch today’s epidemics. And often even smaller companies are able to discover some virus sooner than the ‘big’ ones. But trust me - even Symantec does not have thousands of employees in the virus lab (they all sit in the marketing department ;D) - their virus lab is bigger than ours but the small difference could surprise you.
Yes, the key question is cooperation. When there is a new outbreak, the first one sends the info to the others and this starts the standard procedure which results in a new update ready for users.